Default Ports Used by Zimbra

External Access

These are ports typically available to mail clients.
PortProtocolZimbra ServiceDescription
25smtpmtaincoming mail to postfix
80httpmailbox / proxyweb mail client (disabled by default in 8.0)
110pop3mailbox / proxyPOP3
143imapmailbox / proxyIMAP
443httpsmailbox / proxy – web mail clientHTTP over TLS
465smtpsmtaIncoming mail to postfix over TLS (Legacy Outlook only? If possible, use 587 instead)
587smtpmtaMail submission over TLS
993imapsmailbox / proxyIMAP over TLS
995pop3smailbox / proxyPOP3 over TLS
3443httpsproxyUser Certificate Connection Port (optional)
5222xmppmailboxDefault server port
5223xmppmailboxDefault legacy SSL port
9071httpsproxy admin consoleHTTP over TLS (optional)

Internal Access

These are ports typically only used by the Zimbra system itself.
PortProtocolZimbra ServiceDescription
389ldapldapLC(ldap_bind_url)
636ldapsldapsif enabled via LC(ldap_bind_url)
3310mta/clamdzimbraClamAVBindAddress
5269xmppmailboxServer-to-Server communications between servers on the same cluster
7025lmtpmailboxlocal mail delivery; zimbraLmtpBindAddress
7026miltermailboxzimbra-milterzimbraMilterBindAddress
7047httpconversion serverAccessed by localhost by default; binds to ‘*’
7071httpsmailboxadmin console HTTP over TLS; zimbraAdminBindAddress
7072httpmailboxZCS nginx lookup – backend http service for nginx lookup/authentication
7073httpmailboxZCS saslauthd lookup – backend http service for SASL lookup/authentication (added in ZCS 8.7)
7110pop3mailboxBackend POP3 (if proxy configured); zimbraPop3BindAddress
7143imapmailboxBackend IMAP (if proxy configured); zimbraImapBindAddress
7171zmconfigdconfiguration daemon; localhost
7306mysqlmailboxLC(mysql_bind_address); localhost
7307mysqlloggerlogger (removed in ZCS 7)
7780httpmailboxspell check
7993imapsmailboxBackend IMAP over TLS (if proxy configured); zimbraImapSSLBindAddress
7995pop3smailboxBackend POP3 over TLS (if proxy configured); zimbraPop3SSLBindAddress
8080httpmailboxBackend HTTP (if proxy configured on same host); zimbraMailBindAddress
8443httpsmailboxBackend HTTPS (if proxy configured on same host); zimbraMailSSLBindAddress
8465miltermta/opendkimOpenDKIM milter service; localhost
8735ngmailboxinternal mailbox to mailbox communication
8736ngmailboxdistributed configuration
10024smtpmta/amavisdto amavis from postfix; localhost
10025smtpmta/masteropendkim; localhost
10026smtpmta/amavisd“ORIGINATING” policy; localhost
10027smtpmta/masterpostjournal
10028smtpmta/mastercontent_filter=scan via opendkim; localhost
10029smtpmta/master“postfix/archive”; localhost
10030smtpmta/master10032; localhost
10031miltermta/cbpolicydcluebringer policyd
10032smtpmta/amavisd(antispam) “ORIGINATING_POST” policy
10663loggerLC(logger_zmrrdfetch_port); localhost
23232mta/amavisdamavis-services / msg-forwarder (zeromq); localhost
23233mta/amavisdsnmp-responder; localhost
11211memcachedmemcachednginx route lookups, mbox cache (calendar, folders, sync, tags); zimbraMemcachedBindAddress

System Access and Intra-Node Communication

In a multi-node environment the typical communication between nodes required includes:
Please note: this table is a WORK IN PROGRESS
DestinationSource(s)Description
ALL
22*ALL*SSH (system & zmrcd): host management
udp/53*ALL*DNS (system ¦ dnscache): name resolution
Logger
udp/514*ALL*syslog: system and application logging
LDAP
389*ALL*all nodes talk to LDAP server(s)
MTA
25ldapsent email (cron jobs)
25mboxsent email (web client, cron, etc.)
antivirus
3310mboxzimbraAttachmentsScanURL (not set by default)
memcached
11211mboxmbox metadata data cache
11211proxybackend mailbox route cache
Mailbox (mbox)
80proxybackend proxy http
110proxybackend proxy pop3
143proxybackend proxy imap
443proxybackend proxy https
993proxybackend proxy imaps
995proxybackend proxy pop3s
7025mtaall mta talk to any mbox (LMTP)
7047mboxlocalhost by default; zimbraConvertdURL
7071mboxall mbox talk to any mbox (Admin)
7072proxyzmlookup; zimbraReverseProxyLookupTarget
7073mtasasl auth; zimbraMtaAuthTarget (since ZCS 8.7)
Zimbra Docs
8443all docs + all mboxbackend https

Leave a Comment

Your email address will not be published. Required fields are marked *

Open chat