Firewall / NAT
I have successfully deployed Zimbra (and love it) for personal use. I use it for web mail only, and I would prefer port 80/443 to be the only external ports open. The problem I have run into is that when I port forward only ports 80 and 443, I cannot receive any messages.
Can anyone offer a suggestion as to what ports Zimbra requires for external access?
Thanks in advance!
Well, any functioning email server needs port 25 open since that is how the email servers of the world talk amongst each other. :D
Originally Posted by dnewburg
I have opened ports 25, 80, and 443, but still no luck... I can successfully receive mail when I place the Zimbra server on my DMZ. Here is what nmap reports when I have it all open:
PORT STATE SERVICE
25/tcp open smtp
80/tcp open http
110/tcp open pop3
143/tcp open imap
389/tcp open ldap
443/tcp open https
993/tcp open imaps
995/tcp open pop3s
3310/tcp open unknown
7025/tcp open unknown
7035/tcp open unknown
7071/tcp open unknown
7780/tcp open unknown
Since you haven't described how your network is set up, can you describe how you are configured?
Do you have a public static IP or are you NAT'ing? If you are NAT'ing, then you need to port forward the router public IP to your Zimbra server for 25, 80, 443 and you need to ensure your MX record is pointing to that router public IP.
My configuration is as follows: I have a public IP that points to my router's public IP. When I place my Zimbra server on my DMZ (i.e., all ports open to Zimbra server), there is no issue. When I try to NAT and port forward specific ports, that is when mail is getting lost. My MX records should be accurate since I can receive mail, correct?
There should be no problem running Zimbra behind a NAT router; if the ports are open and forwarded then it will work. I have my server behind a NAT router and it doesn't have any problems receiving mail.
If it works in the DMZ and doesn't when it's behind the NAT router with the ports forwarded then that suggests the NAT device is interfering with the connection. What type of NAT device is it? Does it have any firewall on it? Does it have any facility for 'content filtering'? Any of those can stop your server.
I am using a Linksys WRT54G router. I am doing this on a basic home configuration. Is the WRT known for NAT issues like this?
It's not known for NAT problems. Have you got the most recent firmware installed? Have you disabled the Web Filters feature? Have you modified the Filters tab to allow access to Local PCs? I assume you've got the correct ports forwarded to the correct Fixed IP of the Zimbra server? Do you have a firewall on the Zimbra server? If so then disable it when it's behind the router.
We all learn something new every day! Thank you for your help. I had the Linksys SPI Firewall enabled, so I assume it was filtering content when I placed the server behind the firewall and attempted to port forward.
Sometimes an SPI firewall will be OK but more often than not it causes problems. Glad you've got it working. :)
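
An added example, not part of the original thread: a Python check that parses an nmap port table like the DMZ scan posted above and compares what is reachable with the intended external set (25, 80 and 443, the ports named in the thread). The function names and the second sample scan are constructed for illustration.

```python
import re

# Ports the thread settles on for external access: SMTP plus web mail.
ALLOWED = {25, 80, 443}

# Matches nmap port-table rows such as "25/tcp open smtp".
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_open_ports(nmap_text):
    """Return {port: service} for rows whose state is exactly 'open'."""
    ports = {}
    for line in nmap_text.splitlines():
        m = ROW.match(line.strip())
        if m and m.group(3) == "open":
            ports[int(m.group(1))] = m.group(4)
    return ports

def audit(nmap_text, allowed=ALLOWED):
    """Return (unexpected, missing): open ports outside the allowed set,
    and allowed ports that the scan did not report as open."""
    open_ports = parse_open_ports(nmap_text)
    unexpected = sorted(p for p in open_ports if p not in allowed)
    missing = sorted(p for p in allowed if p not in open_ports)
    return unexpected, missing

# The scan quoted in the thread (server placed in the DMZ).
DMZ_SCAN = """PORT STATE SERVICE
25/tcp open smtp
80/tcp open http
110/tcp open pop3
143/tcp open imap
389/tcp open ldap
443/tcp open https
993/tcp open imaps
995/tcp open pop3s
3310/tcp open unknown
7025/tcp open unknown
7035/tcp open unknown
7071/tcp open unknown
7780/tcp open unknown"""

# Constructed sample: ports forwarded, but SMTP blocked in front of the server.
FORWARDED_SCAN = """PORT STATE SERVICE
25/tcp filtered smtp
80/tcp open http
443/tcp open https"""

if __name__ == "__main__":
    for name, scan in (("DMZ", DMZ_SCAN), ("forwarded", FORWARDED_SCAN)):
        unexpected, missing = audit(scan)
        print(f"{name}: unexpected={unexpected} missing={missing}")
```

A non-empty `unexpected` list means services such as LDAP or the 7xxx ports are exposed beyond what was intended; a non-empty `missing` list means a required port is not reachable from where the scan was run.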