From 17c7606f8d647ebdc87b6c29e2efbe20ca83d602 Mon Sep 17 00:00:00 2001
From: Zhang Huangbin <Zhang Huangbin@localhost>
Date: Tue, 15 Nov 2016 14:11:47 +0800
Subject: [PATCH] Update en_US/overview/0-network.ports.md to use a html table
 for clearer explaination.

---
 en_US/overview/0-network.ports.md |  84 ++++--------
 html/network.ports.html           | 217 ++++++++++++++++++++----------
 2 files changed, 166 insertions(+), 135 deletions(-)
diff --git a/en_US/overview/0-network.ports.md b/en_US/overview/0-network.ports.md
index 5696af74..b741ae7b 100644
--- a/en_US/overview/0-network.ports.md
+++ b/en_US/overview/0-network.ports.md
@@ -1,66 +1,28 @@
 # Which network ports are open by iRedMail
 
-[TOC]
-
-## SMTP (Postfix)
-
-* 25: normal smtp port, used for server-to-server communication.
-* 587: Submission (SMTP over TLS), used for mail clients to send email.
-* 465: smtps (SMTP over SSL). Deprecated, and disabled by default, please use
-  port 587 instead.
-
-## POP3/IMAP (Dovecot)
-
-* 110: POP3 service, insecure connection. Supports STARTTLS for secure connection.
-* 995: POP3S (Secure POP3 over SSL). Deprecated, recommended to use port 110 with STARTTLS.
-* 143: IMAP service, insecure connection. Supports STARTTLS for secure connection.
-* 993: IMAPS (Secure IMAP over SSL). Deprecated,  recommended to use port 143 with STARTTLS.
-* 4190: managesieve service. (Refuse connections from external network in iptables by default). Note: in old iRedMail releases, it's port 2000, it's deprecated and not even listed in `/etc/services` file.
-
-## Web server (Apache or Nginx)
-
-* 80: normal web service port
-* 443: HTTPS (http over SSL, secure connection)
-
-SOGo groupware provides Exchange ActiveSync (EAS) support through port 443.
-
-## MySQL
-
-* 3306: default listen port. Listening on IP address `127.0.0.1` by default.
-
-## PostgreSQL
-
-* 5432: default listen port. Listening on IP address `127.0.0.1` by default.
-
-## OpenLDAP
-
-* 389: normal LDAP port, supports STARTTLS for secure connection.
-* 636: LDAP over SSL. Deprecated, recommended to use port 387 with STARTTLS for
-  secure connection.
-
-Listening on all available network interfaces by default, but access from
-external network is blocked by firewall (iptables, pf).
-
-## Amavisd-new
-
-* 10024: port used for inbound messages, includes spam/virus scanning, DKIM
-  verification, applying spam policy.
-* 10026: port used for outbound messages, includes spam/virus scanning, DKIM
-  signing, apply spam policy.
-* 9998: port used to manage quarantined emails.
-
-All ports are listening on `127.0.0.1` by default.
-
-## iRedAPD (Postfix policy server)
-
-* 7777: default listen port. Listening on IP address `127.0.0.1` by default,
-  offers greylisting, whitelisting, blacklists, throttling, and other features.
-
-## Policyd or Cluebringer (Postfix policy server)
+Port | Service | Software | Comment | Allow Public Access?
+--- |--- |--- |--- |---
+25 | smtp | Postfix | Normal smtp service, used for server-to-server communication. | YES
+587 | submission | Postfix | a.k.a. SMTP over TLS. Used by end users to send/submit email. | YES (open to your end users)
+465 | smtps | Postfix | a.k.a. SMTP over SSL. Deprecated and disabled by default, please use port 587 instead. | YES (open to your end users)
+110 | pop3 | Dovecot | Used by end users to retrieve emails via POP3 protocol, secure connection over STARTTLS is available by default. | YES (open to your end users)
+995 | pop3s | Dovecot | Used by end users to restrieve emails via POP3 protocol over SSL. Port 110 with STARTTLS is recommended. | YES (open to your rend users)
+143 | imap |Dovecot | Used by end users to retrieve emails via IMAP protocol, secure connection over STARTTLS is available by default. | YES (open to your end users)
+993 | imaps | Dovecot | Used by end users to restrieve emails via IMAP protocol over SSL. Port 143 with STARTTLS is recommended. | YES (open to your rend users)
+4190 | managesieve | Dovecot | Sieve service used by end users to manage mail filters. Note: in old iRedMail releases, it's port 2000 (deprecated and not even listed in `/etc/services` file). | YES (open to your end users, or disabled and force users to manage mail filters with webmail)
+80 | http | Apache/Nginx | Web service | YES (open to your webmail users)
+443 | https | Apache/Nginx | Web service over over SSL, secure connection. SOGo groupware provides Exchange ActiveSync (EAS) support through port 443. | YES (open to your webmail users)
+3306 | mysql | MySQL/MariaDB | MySQL/MariaDB database service | NO (listen on `127.0.0.1` by default)
+5432 | postgresql | PostgreSQL | PostgreSQL database service | NO (listen on `127.0.0.1` by default)
+389 | ldap | OpenLDAP (or OpenBSD ldapd) | LDAP service, STARTTLS is available for secure connection. | NO (listen on `127.0.0.1` by default)
+636 |ldaps | OpenLDAP (or OpenBSD ldapd) | LDAP service over SSL. Deprecated, port 389 with STARTTLS is recommended. | NO (listen on `127.0.0.1` by default)
+10024 | | Amavisd-new | Used to scan inbound messages, includes spam/virus scanning, DKIM verification, applying spam policy. | NO (listen on `127.0.0.1` by default)
+10026 | | Amavisd-new | Used to scan outbound messages, includes spam/virus scanning, DKIM signing, applying spam policy. | NO (listen on `127.0.0.1` by default)
+9998 | | Amavisd-new | Used to manage quarantined emails. | NO (listen on `127.0.0.1` by default)
+7777 | | iRedAPD | Postfix policy service for greylisting, whitelisting, blacklists, throttling, etc | NO (listen on `127.0.0.1` by default)
 
 !!! note
 
-    Policyd and Cluebringer were removed since iRedMail-0.9.3, they're replaced
-    by iRedAPD.
-
-* 10031: default listen port. Listening on IP address `127.0.0.1` by default.
+    In iRedMail-0.9.2 and earlier releases, Policyd or Cluebringer listens on
+    port 10031. They have been removed in iRedMail-0.9.3, and replaced by
+    iRedAPD.
diff --git a/html/network.ports.html b/html/network.ports.html
index 558ed970..e7dd8c8e 100644
--- a/html/network.ports.html
+++ b/html/network.ports.html
@@ -16,82 +16,151 @@
         <span>iRedMail</span>
     </a>
     &nbsp;&nbsp;//&nbsp;&nbsp;<a href="./index.html">Document Index</a></div><h1 id="which-network-ports-are-open-by-iredmail">Which network ports are open by iRedMail</h1>
-<div class="toc">
-<ul>
-<li><a href="#which-network-ports-are-open-by-iredmail">Which network ports are open by iRedMail</a><ul>
-<li><a href="#smtp-postfix">SMTP (Postfix)</a></li>
-<li><a href="#pop3imap-dovecot">POP3/IMAP (Dovecot)</a></li>
-<li><a href="#web-server-apache-or-nginx">Web server (Apache or Nginx)</a></li>
-<li><a href="#mysql">MySQL</a></li>
-<li><a href="#postgresql">PostgreSQL</a></li>
-<li><a href="#openldap">OpenLDAP</a></li>
-<li><a href="#amavisd-new">Amavisd-new</a></li>
-<li><a href="#iredapd-postfix-policy-server">iRedAPD (Postfix policy server)</a></li>
-<li><a href="#policyd-or-cluebringer-postfix-policy-server">Policyd or Cluebringer (Postfix policy server)</a></li>
-</ul>
-</li>
-</ul>
-</div>
-<h2 id="smtp-postfix">SMTP (Postfix)</h2>
-<ul>
-<li>25: normal smtp port, used for server-to-server communication.</li>
-<li>587: Submission (SMTP over TLS), used for mail clients to send email.</li>
-<li>465: smtps (SMTP over SSL). Deprecated, and disabled by default, please use
-  port 587 instead.</li>
-</ul>
-<h2 id="pop3imap-dovecot">POP3/IMAP (Dovecot)</h2>
-<ul>
-<li>110: POP3 service, insecure connection. Supports STARTTLS for secure connection.</li>
-<li>995: POP3S (Secure POP3 over SSL). Deprecated, recommended to use port 110 with STARTTLS.</li>
-<li>143: IMAP service, insecure connection. Supports STARTTLS for secure connection.</li>
-<li>993: IMAPS (Secure IMAP over SSL). Deprecated,  recommended to use port 143 with STARTTLS.</li>
-<li>4190: managesieve service. (Refuse connections from external network in iptables by default). Note: in old iRedMail releases, it's port 2000, it's deprecated and not even listed in <code>/etc/services</code> file.</li>
-</ul>
-<h2 id="web-server-apache-or-nginx">Web server (Apache or Nginx)</h2>
-<ul>
-<li>80: normal web service port</li>
-<li>443: HTTPS (http over SSL, secure connection)</li>
-</ul>
-<p>SOGo groupware provides Exchange ActiveSync (EAS) support through port 443.</p>
-<h2 id="mysql">MySQL</h2>
-<ul>
-<li>3306: default listen port. Listening on IP address <code>127.0.0.1</code> by default.</li>
-</ul>
-<h2 id="postgresql">PostgreSQL</h2>
-<ul>
-<li>5432: default listen port. Listening on IP address <code>127.0.0.1</code> by default.</li>
-</ul>
-<h2 id="openldap">OpenLDAP</h2>
-<ul>
-<li>389: normal LDAP port, supports STARTTLS for secure connection.</li>
-<li>636: LDAP over SSL. Deprecated, recommended to use port 387 with STARTTLS for
-  secure connection.</li>
-</ul>
-<p>Listening on all available network interfaces by default, but access from
-external network is blocked by firewall (iptables, pf).</p>
-<h2 id="amavisd-new">Amavisd-new</h2>
-<ul>
-<li>10024: port used for inbound messages, includes spam/virus scanning, DKIM
-  verification, applying spam policy.</li>
-<li>10026: port used for outbound messages, includes spam/virus scanning, DKIM
-  signing, apply spam policy.</li>
-<li>9998: port used to manage quarantined emails.</li>
-</ul>
-<p>All ports are listening on <code>127.0.0.1</code> by default.</p>
-<h2 id="iredapd-postfix-policy-server">iRedAPD (Postfix policy server)</h2>
-<ul>
-<li>7777: default listen port. Listening on IP address <code>127.0.0.1</code> by default,
-  offers greylisting, whitelisting, blacklists, throttling, and other features.</li>
-</ul>
-<h2 id="policyd-or-cluebringer-postfix-policy-server">Policyd or Cluebringer (Postfix policy server)</h2>
+<table>
+<thead>
+<tr>
+<th>Port</th>
+<th>Service</th>
+<th>Software</th>
+<th>Comment</th>
+<th>Allow Public Access?</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>25</td>
+<td>smtp</td>
+<td>Postfix</td>
+<td>Normal smtp service, used for server-to-server communication.</td>
+<td>YES</td>
+</tr>
+<tr>
+<td>587</td>
+<td>submission</td>
+<td>Postfix</td>
+<td>a.k.a. SMTP over TLS. Used by end users to send/submit email.</td>
+<td>YES (open to your end users)</td>
+</tr>
+<tr>
+<td>465</td>
+<td>smtps</td>
+<td>Postfix</td>
+<td>a.k.a. SMTP over SSL. Deprecated and disabled by default, please use port 587 instead.</td>
+<td>YES (open to your end users)</td>
+</tr>
+<tr>
+<td>110</td>
+<td>pop3</td>
+<td>Dovecot</td>
+<td>Used by end users to retrieve emails via POP3 protocol, secure connection over STARTTLS is available by default.</td>
+<td>YES (open to your end users)</td>
+</tr>
+<tr>
+<td>995</td>
+<td>pop3s</td>
+<td>Dovecot</td>
+<td>Used by end users to restrieve emails via POP3 protocol over SSL. Port 110 with STARTTLS is recommended.</td>
+<td>YES (open to your rend users)</td>
+</tr>
+<tr>
+<td>143</td>
+<td>imap</td>
+<td>Dovecot</td>
+<td>Used by end users to retrieve emails via IMAP protocol, secure connection over STARTTLS is available by default.</td>
+<td>YES (open to your end users)</td>
+</tr>
+<tr>
+<td>993</td>
+<td>imaps</td>
+<td>Dovecot</td>
+<td>Used by end users to restrieve emails via IMAP protocol over SSL. Port 143 with STARTTLS is recommended.</td>
+<td>YES (open to your rend users)</td>
+</tr>
+<tr>
+<td>4190</td>
+<td>managesieve</td>
+<td>Dovecot</td>
+<td>Sieve service used by end users to manage mail filters. Note: in old iRedMail releases, it's port 2000 (deprecated and not even listed in <code>/etc/services</code> file).</td>
+<td>YES (open to your end users, or disabled and force users to manage mail filters with webmail)</td>
+</tr>
+<tr>
+<td>80</td>
+<td>http</td>
+<td>Apache/Nginx</td>
+<td>Web service</td>
+<td>YES (open to your webmail users)</td>
+</tr>
+<tr>
+<td>443</td>
+<td>https</td>
+<td>Apache/Nginx</td>
+<td>Web service over over SSL, secure connection. SOGo groupware provides Exchange ActiveSync (EAS) support through port 443.</td>
+<td>YES (open to your webmail users)</td>
+</tr>
+<tr>
+<td>3306</td>
+<td>mysql</td>
+<td>MySQL/MariaDB</td>
+<td>MySQL/MariaDB database service</td>
+<td>NO (listen on <code>127.0.0.1</code> by default)</td>
+</tr>
+<tr>
+<td>5432</td>
+<td>postgresql</td>
+<td>PostgreSQL</td>
+<td>PostgreSQL database service</td>
+<td>NO (listen on <code>127.0.0.1</code> by default)</td>
+</tr>
+<tr>
+<td>389</td>
+<td>ldap</td>
+<td>OpenLDAP (or OpenBSD ldapd)</td>
+<td>LDAP service, STARTTLS is available for secure connection.</td>
+<td>NO (listen on <code>127.0.0.1</code> by default)</td>
+</tr>
+<tr>
+<td>636</td>
+<td>ldaps</td>
+<td>OpenLDAP (or OpenBSD ldapd)</td>
+<td>LDAP service over SSL. Deprecated, port 389 with STARTTLS is recommended.</td>
+<td>NO (listen on <code>127.0.0.1</code> by default)</td>
+</tr>
+<tr>
+<td>10024</td>
+<td></td>
+<td>Amavisd-new</td>
+<td>Used to scan inbound messages, includes spam/virus scanning, DKIM verification, applying spam policy.</td>
+<td>NO (listen on <code>127.0.0.1</code> by default)</td>
+</tr>
+<tr>
+<td>10026</td>
+<td></td>
+<td>Amavisd-new</td>
+<td>Used to scan outbound messages, includes spam/virus scanning, DKIM signing, applying spam policy.</td>
+<td>NO (listen on <code>127.0.0.1</code> by default)</td>
+</tr>
+<tr>
+<td>9998</td>
+<td></td>
+<td>Amavisd-new</td>
+<td>Used to manage quarantined emails.</td>
+<td>NO (listen on <code>127.0.0.1</code> by default)</td>
+</tr>
+<tr>
+<td>7777</td>
+<td></td>
+<td>iRedAPD</td>
+<td>Postfix policy service for greylisting, whitelisting, blacklists, throttling, etc</td>
+<td>NO (listen on <code>127.0.0.1</code> by default)</td>
+</tr>
+</tbody>
+</table>
 <div class="admonition note">
 <p class="admonition-title">Note</p>
-<p>Policyd and Cluebringer were removed since iRedMail-0.9.3, they're replaced
-by iRedAPD.</p>
-</div>
-<ul>
-<li>10031: default listen port. Listening on IP address <code>127.0.0.1</code> by default.</li>
-</ul><div class="footer">
+<p>In iRedMail-0.9.2 and earlier releases, Policyd or Cluebringer listens on
+port 10031. They have been removed in iRedMail-0.9.3, and replaced by
+iRedAPD.</p>
+</div><div class="footer">
     <p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
 </div>
 <script type="text/javascript">

Port	Service	Software	Comment	Allow Public Access?
25	smtp	Postfix	Normal smtp service, used for server-to-server communication.	YES
587	submission	Postfix	a.k.a. SMTP over TLS. Used by end users to send/submit email.	YES (open to your end users)
465	smtps	Postfix	a.k.a. SMTP over SSL. Deprecated and disabled by default, please use port 587 instead.	YES (open to your end users)
110	pop3	Dovecot	Used by end users to retrieve emails via POP3 protocol, secure connection over STARTTLS is available by default.	YES (open to your end users)
995	pop3s	Dovecot	Used by end users to restrieve emails via POP3 protocol over SSL. Port 110 with STARTTLS is recommended.	YES (open to your rend users)
143	imap	Dovecot	Used by end users to retrieve emails via IMAP protocol, secure connection over STARTTLS is available by default.	YES (open to your end users)
993	imaps	Dovecot	Used by end users to restrieve emails via IMAP protocol over SSL. Port 143 with STARTTLS is recommended.	YES (open to your rend users)
4190	managesieve	Dovecot	Sieve service used by end users to manage mail filters. Note: in old iRedMail releases, it's port 2000 (deprecated and not even listed in `/etc/services` file).	YES (open to your end users, or disabled and force users to manage mail filters with webmail)
80	http	Apache/Nginx	Web service	YES (open to your webmail users)
443	https	Apache/Nginx	Web service over over SSL, secure connection. SOGo groupware provides Exchange ActiveSync (EAS) support through port 443.	YES (open to your webmail users)
3306	mysql	MySQL/MariaDB	MySQL/MariaDB database service	NO (listen on `127.0.0.1` by default)
5432	postgresql	PostgreSQL	PostgreSQL database service	NO (listen on `127.0.0.1` by default)
389	ldap	OpenLDAP (or OpenBSD ldapd)	LDAP service, STARTTLS is available for secure connection.	NO (listen on `127.0.0.1` by default)
636	ldaps	OpenLDAP (or OpenBSD ldapd)	LDAP service over SSL. Deprecated, port 389 with STARTTLS is recommended.	NO (listen on `127.0.0.1` by default)
10024		Amavisd-new	Used to scan inbound messages, includes spam/virus scanning, DKIM verification, applying spam policy.	NO (listen on `127.0.0.1` by default)
10026		Amavisd-new	Used to scan outbound messages, includes spam/virus scanning, DKIM signing, applying spam policy.	NO (listen on `127.0.0.1` by default)
9998		Amavisd-new	Used to manage quarantined emails.	NO (listen on `127.0.0.1` by default)
7777		iRedAPD	Postfix policy service for greylisting, whitelisting, blacklists, throttling, etc	NO (listen on `127.0.0.1` by default)