| Welcome to the Zimbra :: Forums! | |
Welcome, if you would like to post a comment please register.
We also encourage you to explore all things Zimbra with our team and members of the community.
|
 | 
12-09-2010, 09:07 AM
| | Special Member | |
Posts: 124
| |  [SOLVED] What to confirm firewall ports and client settings
If I want to offer external access to my Zimbra server with the web client and IMAP I need to open these two ports:
HTTPS 443
IMAP SSL 993
However, I'm not sure about SMTP. Is it enought to open port 25 or should I also open 587? Can someone please explain.
Finally, client mail application settings.
This is going to sound silly, but in a single server setup am I correct that the incoming and outgoing mail servers are the same, i.e. mail.mydomain.com? I was looking at my personal Apple me.com setup and the servers are different, i.e. mail.me.com and smtp.me.com.
Also, should the connection for outgoing mail use SSL and/ or authentication or neither?
Thanks |
12-09-2010, 09:12 AM
| | Zimbra Consultant & Moderator | |
Posts: 20,313
| |
Quote:
Originally Posted by yonatan  However, I'm not sure about SMTP. Is it enought to open port 25 or should I also open 587? Can someone please explain. | Port 25 (SMTP port) is is the port that MTAs (mail servers) communicate by, port 587 is the Submission port that c;ients use to submit mail to your server for a local user or for relay to another server. Quote:
Originally Posted by yonatan This is going to sound silly, but in a single server setup am I correct that the incoming and outgoing mail servers are the same, i.e. mail.mydomain.com? I was looking at my personal Apple me.com setup and the servers are different, i.e. mail.me.com and smtp.me.com. | It should be the same whether it's a single or multiple server, what you've mentioned here is just a DNS entry to point the client at the location of your server (although it may also be a different outbound only server). Quote:
Originally Posted by yonatan Also, should the connection for outgoing mail use SSL and/ or authentication or neither? | What do you mean by 'outgoing mail'? If you mean my sent by a client connected to your computer then the setting for SSL etc. is up to you (the Admin).
__________________
Regards
Bill
|
12-09-2010, 09:43 AM
| | Special Member | |
Posts: 124
| |
Quote:
Originally Posted by phoenix Port 25 (SMTP port) is is the port that MTAs (mail servers) communicate by, port 587 is the Submission port that c;ients use to submit mail to your server for a local user or for relay to another server. | Ok, let me see if I got this. Port 25 (SMTP) definitely needs to be open. The submission port (587) is for users on mydomain.com when they use a mail application. So, if I don't open 587 then my users will not be able to send mail? Quote:
Originally Posted by phoenix What do you mean by 'outgoing mail'? If you mean my sent by a client connected to your computer then the setting for SSL etc. is up to you (the Admin). | Sorry phoenix. What I meant was when I setup a user's mail application, i.e. Apple Mail.app for the field "Outgoing mail server (SMTP):" I write mydomain.com. My question was whether this connection should also use SSL otherwise email submitted from my users to my Zimbra server is not secure, right? |
12-09-2010, 10:04 AM
| | Zimbra Consultant & Moderator | |
Posts: 20,313
| |
Quote:
Originally Posted by yonatan So, if I don't open 587 then my users will not be able to send mail? | That would be true for user outside your LAN. Quote:
Originally Posted by yonatan My question was whether this connection should also use SSL otherwise email submitted from my users to my Zimbra server is not secure, right? | I understood the question, the decision on whether you use SSL is yours and the connection won't be secure if you don't use SSL (believe it or not, some people don't  ).
__________________
Regards
Bill
|
12-09-2010, 01:57 PM
| | Special Member | |
Posts: 124
| |
Just got my internet connection back! ISP's DNS servers down 
Quote:
Originally Posted by phoenix That would be true for user outside your LAN. | Can you please explain why a user on the LAN would be able to send, but not a user on the WAN. Quote:
Originally Posted by phoenix I understood the question, the decision on whether you use SSL is yours and the connection won't be secure if you don't use SSL (believe it or not, some people don't ). | Sure I understand. Obviously, I'm looking to secure the communication as much as possible and reasonable. The point about some people not using SSL is interesting as my current email hosting provider, e.g. ISP specifically says not to enable SSL on the outgoing mail server connection. |
12-10-2010, 12:07 AM
| | Zimbra Consultant & Moderator | |
Posts: 20,313
| |
Quote:
Originally Posted by yonatan Can you please explain why a user on the LAN would be able to send, but not a user on the WAN. | You've already answered that yourself, if the port isn't open they won't be able to connect from outside the LAN to send mail whereas the LAN user should be able to connect and can send mail. Quote:
Originally Posted by yonatan Sure I understand. Obviously, I'm looking to secure the communication as much as possible and reasonable. The point about some people not using SSL is interesting as my current email hosting provider, e.g. ISP specifically says not to enable SSL on the outgoing mail server connection. | There is no reason not to enable SSL for any connection on the internet and as far as I'm concerned it's irresponsible to not use it.
__________________
Regards
Bill
|
12-10-2010, 04:22 AM
| | Special Member | |
Posts: 124
| |
Quote:
Originally Posted by phoenix You've already answered that yourself, if the port isn't open they won't be able to connect from outside the LAN to send mail whereas the LAN user should be able to connect and can send mail. | Hehe, sometimes it's easier to just pick up the phone and call 
Let me try to clear up the confusion. Let's make it easy and say that on the LAN there are no firewall restrictions e.g. ports 25 and 587 as well as others are open. At the moment a user's mail application is configured to send mail on port 25. Is this incorrect? Should all sent mail go to 587? |
12-10-2010, 05:20 AM
| | Zimbra Consultant & Moderator | |
Posts: 20,313
| |
Quote:
Originally Posted by yonatan Hehe, sometimes it's easier to just pick up the phone and call
Let me try to clear up the confusion. Let's make it easy and say that on the LAN there are no firewall restrictions e.g. ports 25 and 587 as well as others are open. At the moment a user's mail application is configured to send mail on port 25. Is this incorrect? | Strictly speaking, yes, that's incorrect - all mail from a client connection (i.e. your users Outlook, Thunderbird etc.) should be sent via port 587. There are plenty of examples on the internet that allow sending via port 25. Quote:
Originally Posted by yonatan Should all sent mail go to 587? | That would be my advice, teach your users some good email practice. 
__________________
Regards
Bill
|
12-10-2010, 05:41 AM
| | Special Member | |
Posts: 124
| |
Quote:
Originally Posted by phoenix Strictly speaking, yes, that's incorrect - all mail from a client connection (i.e. your users Outlook, Thunderbird etc.) should be sent via port 587. There are plenty of examples on the internet that allow sending via port 25.
That would be my advice, teach your users some good email practice. | phoenix you're a star! I will make the necessary changes ASAP! |
12-10-2010, 08:58 AM
| | |
I'm using port 25 only, with ssl, internally and externally.
Considering migrating to 587 after reading this and as the result of some outbound 25 blocking that I'm seeing elsewhere. | | Thread Tools | Search this Thread | | | | | Display Modes |  Linear Mode | | Why Join? Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.   |
Bugzilla
Wiki
Source
