Port 7025 - Safe for Internet Exposure?

[Techmonkey]

Hello,

I just installed a Zimbra Open Source 5.0.13 on Ubuntu 8.0.4 to evaluate and learn on. Everything went well except for messages being deferred because the MTA was attempting to connect to my external firewall interface instead of locally. I read up on the problem, and applied an alias with the public address that the MTA was trying to connect to on my network adapter as suggested in the wiki. The end result was all sorts of oddness. I couldn't connect to the server's webmail interface from the internal network, opening programs at the console (ex: terminal) show "Opening 0" in the taskbar and then disappear. I rebooted to clear the alias and everything returned to normal. If I forward the port from my firewall, everything works fine and mail arrives in a timely fashion.

My question:

Is it safe to leave port 7025 exposed to the Internet?
If not, can anyone point me in the right direction in terms of applying the alias?

The alias command I ran is: sudo ifconfig eth1:0 xxx.xxx.xxx.xxx netmask 255.255.255.255 up

Edit:

I am giving the alias another try. This time I am not experiencing any oddness with opening programs on the system, but Zimbra is showing the same results.

My ifconfig output:

eth1 Link encap:Ethernet HWaddr 00:0e:a6:e0:ff:9b
inet addr:192.168.0.252 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20e:a6ff:fee0:ff9b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:19051 errors:0 dropped:0 overruns:0 frame:0
TX packets:26491 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1307065 (1.2 MB) TX bytes:24988893 (23.8 MB)
Interrupt:18

eth1:0 Link encap:Ethernet HWaddr 00:0e:a6:e0:ff:9b
inet addr:xxx.xxx.xxx.xxx Bcast:xxx.xxx.xxx.255 Mask:255.255.255.255 (xxx.xxx.xxx.xxx = my public IP)
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:18

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:17506 errors:0 dropped:0 overruns:0 frame:0
TX packets:17506 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5661674 (5.3 MB) TX bytes:5661674 (5.3 MB)

With these settings applied, the web interface times out with "cannot connect to server" as the error. I'm guessing it's directing it's resonses for external hosts trying to connect back unto itself because it thinks it is that public IP. Though the computers I am trying to connect from are on the 192.168.0.0 internal subnet. I'm sure I'm missing something basic here. Must need more coffee.

[phoenix]

My question:

Is it safe to leave port 7025 exposed to the Internet?
If not, can anyone point me in the right direction in terms of applying the alias?

You need to set-up a Split DNS so Zimbra can resolve it's internal IP.

The alias command I ran is: sudo ifconfig eth1:0 xxx.xxx.xxx.xxx netmask 255.255.255.255 up

You don't need that for Zimbra.

[Techmonkey]

Worked fine. Fixed the issue. Guess I was just feeling lazy and avoiding it. Thanks for the guidance.

[kminamoto]

Hello everyone.
On my multi server layout, I have an old PC serving as firewall (using shorewall) and DNS at the same time.
My other 3 machines (Zimbra server, cloud and webpage servers) are NAT'ed on a DMZ. Ports are forwarded to the corresponding machines via the shorewall.
Maybe this is not the right thread, please forgive me if so; the thing is I want to close some ports to the outside, on my firewall machine, and am considering closing port 7025 to the internet (and maybe to the LAN). I'd really appreciate to know if it's necessary to setup a Split DNS on my Zimbra controller too.
Thanks in advance, best regards.
KM