Results 1 to 5 of 5

Thread: recommended lock down of new Zimbra install

  1. #1
    dnk
    dnk is offline Junior Member
    Join Date
    Jun 2008
    Posts
    6
    Rep Power
    7

    Default recommended lock down of new Zimbra install

    Good day all,

    I going to be installing a test of Zimbra later today.

    Now I am considering implementing Zimbra for our office, but I was wondering, would it be safe to have the Zimbra server sitting in a data center (as opposed to my local lan), and allowing all features to be used from multiple locations (sitting behind a firewall with the appropriate ports open)? Our company has a lot of road warriors, and many will be in Mexico, with spotty connections and was hoping to not have to use a VPN due to user transparency, and possible vpn over head. I would use openvpn for my vpn server - if I go that route.

    What is the recommended topology for a Zimbra server when it should be access from many locations around the world?

    Also, are they additional port it will require other than the standards?

    Regards,

    DNK

  2. #2
    Bill Brock is offline Outstanding Member
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    9

    Default

    Both of my ZCS installs set directly on the Internet. They have both WAN NIC for mail traffic and a LAN NIC for most Administration. I let the Linux firewall block all port other than those needed for mail and webmail on the WAN and all ports open on the LAN.

    As long as you understand how to setup a firewall I don't see any problems with having your server setting directly on the Internet.

  3. #3
    dnk
    dnk is offline Junior Member
    Join Date
    Jun 2008
    Posts
    6
    Rep Power
    7

    Default

    perfect. Thank you for the info. So no additional ports are needed for the outlook MAPI connections, and other shared resources (IE Calendars, contacts, etc). Good to hear!

    dnk

  4. #4
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    Quote Originally Posted by dnk View Post
    So no additional ports are needed for the outlook MAPI connections, and other shared resources (IE Calendars, contacts, etc).
    Yup, don't need extra - the MAPI is over 80/443 - you can lock it down per this list: Firewall Configuration - Zimbra :: Wiki & Ports - Zimbra :: Wiki

    Before I forget: Welcome to the forums!

  5. #5
    dnk
    dnk is offline Junior Member
    Join Date
    Jun 2008
    Posts
    6
    Rep Power
    7

    Default

    Thank you very much for the wiki links..... I have been reading over the articles in there one by one....

    Excited to try this thing out!

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 21
    Last Post: 02-04-2010, 10:06 AM
  2. /tmp filling
    By Nutz in forum Administrators
    Replies: 8
    Last Post: 02-22-2008, 02:00 AM
  3. Big Fubar on 5 FOSS GA Upgrade
    By uxbod in forum Administrators
    Replies: 24
    Last Post: 01-21-2008, 03:37 AM
  4. Replies: 31
    Last Post: 12-15-2007, 09:05 PM
  5. dspam logrotate errors
    By michaeln in forum Users
    Replies: 7
    Last Post: 02-19-2007, 12:45 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •