
Thread: [SOLVED] What to confirm firewall ports and client settings

  1. #1
    yonatan is offline Special Member
    Join Date
    May 2010
    Posts
    171
    Rep Power
    5

    If I want to offer external access to my Zimbra server with the web client and IMAP I need to open these two ports:

    HTTPS 443
    IMAP SSL 993


    However, I'm not sure about SMTP. Is it enough to open port 25 or should I also open 587? Can someone please explain.

    Finally, client mail application settings.

    This is going to sound silly, but in a single server setup am I correct that the incoming and outgoing mail servers are the same, i.e. mail.mydomain.com? I was looking at my personal Apple me.com setup and the servers are different, i.e. mail.me.com and smtp.me.com.

    Also, should the connection for outgoing mail use SSL and/or authentication or neither?

    Thanks

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,566
    Rep Power
    57

    Quote Originally Posted by yonatan View Post
    However, I'm not sure about SMTP. Is it enough to open port 25 or should I also open 587? Can someone please explain.
    Port 25 (SMTP port) is the port that MTAs (mail servers) communicate by, port 587 is the Submission port that clients use to submit mail to your server for a local user or for relay to another server.

    Quote Originally Posted by yonatan View Post
    This is going to sound silly, but in a single server setup am I correct that the incoming and outgoing mail servers are the same, i.e. mail.mydomain.com? I was looking at my personal Apple me.com setup and the servers are different, i.e. mail.me.com and smtp.me.com.
    It should be the same whether it's a single or multiple server, what you've mentioned here is just a DNS entry to point the client at the location of your server (although it may also be a different outbound only server).

    Quote Originally Posted by yonatan View Post
    Also, should the connection for outgoing mail use SSL and/or authentication or neither?
    What do you mean by 'outgoing mail'? If you mean mail sent by a client connected to your computer then the setting for SSL etc. is up to you (the Admin).
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    yonatan is offline Special Member

    Quote Originally Posted by phoenix View Post
    Port 25 (SMTP port) is the port that MTAs (mail servers) communicate by, port 587 is the Submission port that clients use to submit mail to your server for a local user or for relay to another server.
    Ok, let me see if I got this. Port 25 (SMTP) definitely needs to be open. The submission port (587) is for users on mydomain.com when they use a mail application. So, if I don't open 587 then my users will not be able to send mail?

    Quote Originally Posted by phoenix View Post
    What do you mean by 'outgoing mail'? If you mean mail sent by a client connected to your computer then the setting for SSL etc. is up to you (the Admin).
    Sorry phoenix. What I meant was when I set up a user's mail application, i.e. Apple Mail.app, for the field "Outgoing mail server (SMTP):" I write mydomain.com. My question was whether this connection should also use SSL otherwise email submitted from my users to my Zimbra server is not secure, right?

  4. #4
    phoenix is online now Zimbra Consultant & Moderator

    Quote Originally Posted by yonatan View Post
    So, if I don't open 587 then my users will not be able to send mail?
    That would be true for users outside your LAN.


    Quote Originally Posted by yonatan View Post
    My question was whether this connection should also use SSL otherwise email submitted from my users to my Zimbra server is not secure, right?
    I understood the question, the decision on whether you use SSL is yours and the connection won't be secure if you don't use SSL (believe it or not, some people don't).
    Regards


    Bill



  5. #5
    yonatan is offline Special Member

    Just got my internet connection back! ISP's DNS servers down

    Quote Originally Posted by phoenix View Post
    That would be true for users outside your LAN.
    Can you please explain why a user on the LAN would be able to send, but not a user on the WAN.

    Quote Originally Posted by phoenix View Post
    I understood the question, the decision on whether you use SSL is yours and the connection won't be secure if you don't use SSL (believe it or not, some people don't).
    Sure I understand. Obviously, I'm looking to secure the communication as much as possible and reasonable. The point about some people not using SSL is interesting as my current email hosting provider, e.g. ISP specifically says not to enable SSL on the outgoing mail server connection.

  6. #6
    phoenix is online now Zimbra Consultant & Moderator

    Quote Originally Posted by yonatan View Post
    Can you please explain why a user on the LAN would be able to send, but not a user on the WAN.
    You've already answered that yourself, if the port isn't open they won't be able to connect from outside the LAN to send mail whereas the LAN user should be able to connect and can send mail.



    Quote Originally Posted by yonatan View Post
    Sure I understand. Obviously, I'm looking to secure the communication as much as possible and reasonable. The point about some people not using SSL is interesting as my current email hosting provider, e.g. ISP specifically says not to enable SSL on the outgoing mail server connection.
    There is no reason not to enable SSL for any connection on the internet and as far as I'm concerned it's irresponsible to not use it.
    Regards


    Bill



  7. #7
    yonatan is offline Special Member

    Quote Originally Posted by phoenix View Post
    You've already answered that yourself, if the port isn't open they won't be able to connect from outside the LAN to send mail whereas the LAN user should be able to connect and can send mail.
    Hehe, sometimes it's easier to just pick up the phone and call

    Let me try to clear up the confusion. Let's make it easy and say that on the LAN there are no firewall restrictions e.g. ports 25 and 587 as well as others are open. At the moment a user's mail application is configured to send mail on port 25. Is this incorrect? Should all sent mail go to 587?

  8. #8
    phoenix is online now Zimbra Consultant & Moderator

    Quote Originally Posted by yonatan View Post
    Hehe, sometimes it's easier to just pick up the phone and call

    Let me try to clear up the confusion. Let's make it easy and say that on the LAN there are no firewall restrictions e.g. ports 25 and 587 as well as others are open. At the moment a user's mail application is configured to send mail on port 25. Is this incorrect?
    Strictly speaking, yes, that's incorrect - all mail from a client connection (i.e. your users' Outlook, Thunderbird etc.) should be sent via port 587. There are plenty of examples on the internet that allow sending via port 25.

    Quote Originally Posted by yonatan View Post
    Should all sent mail go to 587?
    That would be my advice, teach your users some good email practice.
    Regards


    Bill



  9. #9
    yonatan is offline Special Member

    Quote Originally Posted by phoenix View Post
    Strictly speaking, yes, that's incorrect - all mail from a client connection (i.e. your users' Outlook, Thunderbird etc.) should be sent via port 587. There are plenty of examples on the internet that allow sending via port 25.

    That would be my advice, teach your users some good email practice.
    phoenix you're a star! I will make the necessary changes ASAP!

  10. #10
    SpaceBass is offline Active Member
    Join Date
    Jan 2007
    Posts
    30
    Rep Power
    8

    I'm using port 25 only, with ssl, internally and externally.
    Considering migrating to 587 after reading this and as the result of some outbound 25 blocking that I'm seeing elsewhere.
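
Added example (not part of any post in this thread, and not Zimbra's own code): a small audit of what a mail server advertises in its EHLO reply on ports 25 and 587, checking the points discussed above, namely that the session can be encrypted and that authentication is only offered once it is. The policy in audit(), the function names and the sample replies for the placeholder host mail.example.com are assumptions of this example; probe() is the live variant for a server you administer.

```python
import smtplib

def parse_ehlo(reply):
    """Map each ESMTP keyword in a raw EHLO reply to its parameter string."""
    features = {}
    for line in reply.strip().splitlines()[1:]:   # first line is the greeting
        code, sep, rest = line[:3], line[3:4], line[4:].strip()
        if code != "250" or sep not in "- " or not rest:
            continue
        # Some servers also advertise the legacy "AUTH=PLAIN LOGIN" spelling.
        keyword, _, params = rest.replace("=", " ", 1).partition(" ")
        features[keyword.upper()] = params
    return features

def audit(port, before_tls, after_tls=None):
    """Return findings for one port; an empty list means the policy holds."""
    findings = []
    if "STARTTLS" not in before_tls:
        findings.append(f"{port}: STARTTLS not offered, session stays in cleartext")
    if "AUTH" in before_tls:
        findings.append(f"{port}: AUTH offered before TLS, password may be sent in cleartext")
    if port == 587 and after_tls is not None and "AUTH" not in after_tls:
        findings.append("587: no AUTH after TLS, submission is unauthenticated")
    return findings

def probe(host, port, timeout=10.0):
    """Live variant: feature sets seen before and after STARTTLS."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        before = {k.upper(): v for k, v in s.esmtp_features.items()}
        after = None
        if s.has_extn("starttls"):
            s.starttls()
            s.ehlo()
            after = {k.upper(): v for k, v in s.esmtp_features.items()}
        return before, after

# Constructed sample replies (mail.example.com is a placeholder host).
WEAK_587 = "250-mail.example.com\n250-PIPELINING\n250 AUTH PLAIN LOGIN"
HARD_587_PRE = "250-mail.example.com\n250-STARTTLS\n250 8BITMIME"
HARD_587_POST = "250-mail.example.com\n250-AUTH PLAIN LOGIN\n250 8BITMIME"

if __name__ == "__main__":
    print(audit(587, parse_ehlo(WEAK_587)))
    print(audit(587, parse_ehlo(HARD_587_PRE), parse_ehlo(HARD_587_POST)))
```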
