Zimbra

GCamp · #1 (**permalink**) 12-05-2008, 07:02 AM

I just performed a port scan on my email server and it reported UDP port 3127 opened and possibly being used by a trojan called W32Mydoom. My question is can I safely block this port in the firewall or is this port being used by Zimbra?

My Zimbra server is on the DMZ portion of the firewall so blocking any access to this port should

be no problem.

Rich Graves · #2 (**permalink**) 12-05-2008, 07:09 AM

No, you don't have an old Windows worm running on your Mac/Linux box.

One or more of these should tell you what it is. If you're using RedHat/CentOS and you don't need NFS, rpm -e nfs-utils.

netstat -nap | grep 3127
rpcinfo -p localhost | grep 3127
lsof -n | grep 3127

GCamp · #3 (**permalink**) 12-05-2008, 07:17 AM

Thanks for the quick reply.

I ran all three on my Ubuntu system and did not get any responses. It sounds like I got concerned for nothing.

Bill Brock · #4 (**permalink**) 12-05-2008, 07:33 AM

Are you not running a firewall on your machine? If it is in the DMZ it is wide open. If you don't have a firewall your LDAP may be vulnerable, at least more vulnerable than it should be.

Zimbra

Downloads

Product Information

Toolbox

Why Join?