Update en_US/overview/0-network.ports.md to use a html table for clearer explaination.
This commit is contained in:
parent
4e5ea28ac9
commit
17c7606f8d
|
@ -1,66 +1,28 @@
|
||||||
# Which network ports are open by iRedMail
|
# Which network ports are open by iRedMail
|
||||||
|
|
||||||
[TOC]
|
Port | Service | Software | Comment | Allow Public Access?
|
||||||
|
--- |--- |--- |--- |---
|
||||||
## SMTP (Postfix)
|
25 | smtp | Postfix | Normal smtp service, used for server-to-server communication. | YES
|
||||||
|
587 | submission | Postfix | a.k.a. SMTP over TLS. Used by end users to send/submit email. | YES (open to your end users)
|
||||||
* 25: normal smtp port, used for server-to-server communication.
|
465 | smtps | Postfix | a.k.a. SMTP over SSL. Deprecated and disabled by default, please use port 587 instead. | YES (open to your end users)
|
||||||
* 587: Submission (SMTP over TLS), used for mail clients to send email.
|
110 | pop3 | Dovecot | Used by end users to retrieve emails via POP3 protocol, secure connection over STARTTLS is available by default. | YES (open to your end users)
|
||||||
* 465: smtps (SMTP over SSL). Deprecated, and disabled by default, please use
|
995 | pop3s | Dovecot | Used by end users to restrieve emails via POP3 protocol over SSL. Port 110 with STARTTLS is recommended. | YES (open to your rend users)
|
||||||
port 587 instead.
|
143 | imap |Dovecot | Used by end users to retrieve emails via IMAP protocol, secure connection over STARTTLS is available by default. | YES (open to your end users)
|
||||||
|
993 | imaps | Dovecot | Used by end users to restrieve emails via IMAP protocol over SSL. Port 143 with STARTTLS is recommended. | YES (open to your rend users)
|
||||||
## POP3/IMAP (Dovecot)
|
4190 | managesieve | Dovecot | Sieve service used by end users to manage mail filters. Note: in old iRedMail releases, it's port 2000 (deprecated and not even listed in `/etc/services` file). | YES (open to your end users, or disabled and force users to manage mail filters with webmail)
|
||||||
|
80 | http | Apache/Nginx | Web service | YES (open to your webmail users)
|
||||||
* 110: POP3 service, insecure connection. Supports STARTTLS for secure connection.
|
443 | https | Apache/Nginx | Web service over over SSL, secure connection. SOGo groupware provides Exchange ActiveSync (EAS) support through port 443. | YES (open to your webmail users)
|
||||||
* 995: POP3S (Secure POP3 over SSL). Deprecated, recommended to use port 110 with STARTTLS.
|
3306 | mysql | MySQL/MariaDB | MySQL/MariaDB database service | NO (listen on `127.0.0.1` by default)
|
||||||
* 143: IMAP service, insecure connection. Supports STARTTLS for secure connection.
|
5432 | postgresql | PostgreSQL | PostgreSQL database service | NO (listen on `127.0.0.1` by default)
|
||||||
* 993: IMAPS (Secure IMAP over SSL). Deprecated, recommended to use port 143 with STARTTLS.
|
389 | ldap | OpenLDAP (or OpenBSD ldapd) | LDAP service, STARTTLS is available for secure connection. | NO (listen on `127.0.0.1` by default)
|
||||||
* 4190: managesieve service. (Refuse connections from external network in iptables by default). Note: in old iRedMail releases, it's port 2000, it's deprecated and not even listed in `/etc/services` file.
|
636 |ldaps | OpenLDAP (or OpenBSD ldapd) | LDAP service over SSL. Deprecated, port 389 with STARTTLS is recommended. | NO (listen on `127.0.0.1` by default)
|
||||||
|
10024 | | Amavisd-new | Used to scan inbound messages, includes spam/virus scanning, DKIM verification, applying spam policy. | NO (listen on `127.0.0.1` by default)
|
||||||
## Web server (Apache or Nginx)
|
10026 | | Amavisd-new | Used to scan outbound messages, includes spam/virus scanning, DKIM signing, applying spam policy. | NO (listen on `127.0.0.1` by default)
|
||||||
|
9998 | | Amavisd-new | Used to manage quarantined emails. | NO (listen on `127.0.0.1` by default)
|
||||||
* 80: normal web service port
|
7777 | | iRedAPD | Postfix policy service for greylisting, whitelisting, blacklists, throttling, etc | NO (listen on `127.0.0.1` by default)
|
||||||
* 443: HTTPS (http over SSL, secure connection)
|
|
||||||
|
|
||||||
SOGo groupware provides Exchange ActiveSync (EAS) support through port 443.
|
|
||||||
|
|
||||||
## MySQL
|
|
||||||
|
|
||||||
* 3306: default listen port. Listening on IP address `127.0.0.1` by default.
|
|
||||||
|
|
||||||
## PostgreSQL
|
|
||||||
|
|
||||||
* 5432: default listen port. Listening on IP address `127.0.0.1` by default.
|
|
||||||
|
|
||||||
## OpenLDAP
|
|
||||||
|
|
||||||
* 389: normal LDAP port, supports STARTTLS for secure connection.
|
|
||||||
* 636: LDAP over SSL. Deprecated, recommended to use port 387 with STARTTLS for
|
|
||||||
secure connection.
|
|
||||||
|
|
||||||
Listening on all available network interfaces by default, but access from
|
|
||||||
external network is blocked by firewall (iptables, pf).
|
|
||||||
|
|
||||||
## Amavisd-new
|
|
||||||
|
|
||||||
* 10024: port used for inbound messages, includes spam/virus scanning, DKIM
|
|
||||||
verification, applying spam policy.
|
|
||||||
* 10026: port used for outbound messages, includes spam/virus scanning, DKIM
|
|
||||||
signing, apply spam policy.
|
|
||||||
* 9998: port used to manage quarantined emails.
|
|
||||||
|
|
||||||
All ports are listening on `127.0.0.1` by default.
|
|
||||||
|
|
||||||
## iRedAPD (Postfix policy server)
|
|
||||||
|
|
||||||
* 7777: default listen port. Listening on IP address `127.0.0.1` by default,
|
|
||||||
offers greylisting, whitelisting, blacklists, throttling, and other features.
|
|
||||||
|
|
||||||
## Policyd or Cluebringer (Postfix policy server)
|
|
||||||
|
|
||||||
!!! note
|
!!! note
|
||||||
|
|
||||||
Policyd and Cluebringer were removed since iRedMail-0.9.3, they're replaced
|
In iRedMail-0.9.2 and earlier releases, Policyd or Cluebringer listens on
|
||||||
by iRedAPD.
|
port 10031. They have been removed in iRedMail-0.9.3, and replaced by
|
||||||
|
iRedAPD.
|
||||||
* 10031: default listen port. Listening on IP address `127.0.0.1` by default.
|
|
||||||
|
|
|
@ -16,82 +16,151 @@
|
||||||
<span>iRedMail</span>
|
<span>iRedMail</span>
|
||||||
</a>
|
</a>
|
||||||
// <a href="./index.html">Document Index</a></div><h1 id="which-network-ports-are-open-by-iredmail">Which network ports are open by iRedMail</h1>
|
// <a href="./index.html">Document Index</a></div><h1 id="which-network-ports-are-open-by-iredmail">Which network ports are open by iRedMail</h1>
|
||||||
<div class="toc">
|
<table>
|
||||||
<ul>
|
<thead>
|
||||||
<li><a href="#which-network-ports-are-open-by-iredmail">Which network ports are open by iRedMail</a><ul>
|
<tr>
|
||||||
<li><a href="#smtp-postfix">SMTP (Postfix)</a></li>
|
<th>Port</th>
|
||||||
<li><a href="#pop3imap-dovecot">POP3/IMAP (Dovecot)</a></li>
|
<th>Service</th>
|
||||||
<li><a href="#web-server-apache-or-nginx">Web server (Apache or Nginx)</a></li>
|
<th>Software</th>
|
||||||
<li><a href="#mysql">MySQL</a></li>
|
<th>Comment</th>
|
||||||
<li><a href="#postgresql">PostgreSQL</a></li>
|
<th>Allow Public Access?</th>
|
||||||
<li><a href="#openldap">OpenLDAP</a></li>
|
</tr>
|
||||||
<li><a href="#amavisd-new">Amavisd-new</a></li>
|
</thead>
|
||||||
<li><a href="#iredapd-postfix-policy-server">iRedAPD (Postfix policy server)</a></li>
|
<tbody>
|
||||||
<li><a href="#policyd-or-cluebringer-postfix-policy-server">Policyd or Cluebringer (Postfix policy server)</a></li>
|
<tr>
|
||||||
</ul>
|
<td>25</td>
|
||||||
</li>
|
<td>smtp</td>
|
||||||
</ul>
|
<td>Postfix</td>
|
||||||
</div>
|
<td>Normal smtp service, used for server-to-server communication.</td>
|
||||||
<h2 id="smtp-postfix">SMTP (Postfix)</h2>
|
<td>YES</td>
|
||||||
<ul>
|
</tr>
|
||||||
<li>25: normal smtp port, used for server-to-server communication.</li>
|
<tr>
|
||||||
<li>587: Submission (SMTP over TLS), used for mail clients to send email.</li>
|
<td>587</td>
|
||||||
<li>465: smtps (SMTP over SSL). Deprecated, and disabled by default, please use
|
<td>submission</td>
|
||||||
port 587 instead.</li>
|
<td>Postfix</td>
|
||||||
</ul>
|
<td>a.k.a. SMTP over TLS. Used by end users to send/submit email.</td>
|
||||||
<h2 id="pop3imap-dovecot">POP3/IMAP (Dovecot)</h2>
|
<td>YES (open to your end users)</td>
|
||||||
<ul>
|
</tr>
|
||||||
<li>110: POP3 service, insecure connection. Supports STARTTLS for secure connection.</li>
|
<tr>
|
||||||
<li>995: POP3S (Secure POP3 over SSL). Deprecated, recommended to use port 110 with STARTTLS.</li>
|
<td>465</td>
|
||||||
<li>143: IMAP service, insecure connection. Supports STARTTLS for secure connection.</li>
|
<td>smtps</td>
|
||||||
<li>993: IMAPS (Secure IMAP over SSL). Deprecated, recommended to use port 143 with STARTTLS.</li>
|
<td>Postfix</td>
|
||||||
<li>4190: managesieve service. (Refuse connections from external network in iptables by default). Note: in old iRedMail releases, it's port 2000, it's deprecated and not even listed in <code>/etc/services</code> file.</li>
|
<td>a.k.a. SMTP over SSL. Deprecated and disabled by default, please use port 587 instead.</td>
|
||||||
</ul>
|
<td>YES (open to your end users)</td>
|
||||||
<h2 id="web-server-apache-or-nginx">Web server (Apache or Nginx)</h2>
|
</tr>
|
||||||
<ul>
|
<tr>
|
||||||
<li>80: normal web service port</li>
|
<td>110</td>
|
||||||
<li>443: HTTPS (http over SSL, secure connection)</li>
|
<td>pop3</td>
|
||||||
</ul>
|
<td>Dovecot</td>
|
||||||
<p>SOGo groupware provides Exchange ActiveSync (EAS) support through port 443.</p>
|
<td>Used by end users to retrieve emails via POP3 protocol, secure connection over STARTTLS is available by default.</td>
|
||||||
<h2 id="mysql">MySQL</h2>
|
<td>YES (open to your end users)</td>
|
||||||
<ul>
|
</tr>
|
||||||
<li>3306: default listen port. Listening on IP address <code>127.0.0.1</code> by default.</li>
|
<tr>
|
||||||
</ul>
|
<td>995</td>
|
||||||
<h2 id="postgresql">PostgreSQL</h2>
|
<td>pop3s</td>
|
||||||
<ul>
|
<td>Dovecot</td>
|
||||||
<li>5432: default listen port. Listening on IP address <code>127.0.0.1</code> by default.</li>
|
<td>Used by end users to restrieve emails via POP3 protocol over SSL. Port 110 with STARTTLS is recommended.</td>
|
||||||
</ul>
|
<td>YES (open to your rend users)</td>
|
||||||
<h2 id="openldap">OpenLDAP</h2>
|
</tr>
|
||||||
<ul>
|
<tr>
|
||||||
<li>389: normal LDAP port, supports STARTTLS for secure connection.</li>
|
<td>143</td>
|
||||||
<li>636: LDAP over SSL. Deprecated, recommended to use port 387 with STARTTLS for
|
<td>imap</td>
|
||||||
secure connection.</li>
|
<td>Dovecot</td>
|
||||||
</ul>
|
<td>Used by end users to retrieve emails via IMAP protocol, secure connection over STARTTLS is available by default.</td>
|
||||||
<p>Listening on all available network interfaces by default, but access from
|
<td>YES (open to your end users)</td>
|
||||||
external network is blocked by firewall (iptables, pf).</p>
|
</tr>
|
||||||
<h2 id="amavisd-new">Amavisd-new</h2>
|
<tr>
|
||||||
<ul>
|
<td>993</td>
|
||||||
<li>10024: port used for inbound messages, includes spam/virus scanning, DKIM
|
<td>imaps</td>
|
||||||
verification, applying spam policy.</li>
|
<td>Dovecot</td>
|
||||||
<li>10026: port used for outbound messages, includes spam/virus scanning, DKIM
|
<td>Used by end users to restrieve emails via IMAP protocol over SSL. Port 143 with STARTTLS is recommended.</td>
|
||||||
signing, apply spam policy.</li>
|
<td>YES (open to your rend users)</td>
|
||||||
<li>9998: port used to manage quarantined emails.</li>
|
</tr>
|
||||||
</ul>
|
<tr>
|
||||||
<p>All ports are listening on <code>127.0.0.1</code> by default.</p>
|
<td>4190</td>
|
||||||
<h2 id="iredapd-postfix-policy-server">iRedAPD (Postfix policy server)</h2>
|
<td>managesieve</td>
|
||||||
<ul>
|
<td>Dovecot</td>
|
||||||
<li>7777: default listen port. Listening on IP address <code>127.0.0.1</code> by default,
|
<td>Sieve service used by end users to manage mail filters. Note: in old iRedMail releases, it's port 2000 (deprecated and not even listed in <code>/etc/services</code> file).</td>
|
||||||
offers greylisting, whitelisting, blacklists, throttling, and other features.</li>
|
<td>YES (open to your end users, or disabled and force users to manage mail filters with webmail)</td>
|
||||||
</ul>
|
</tr>
|
||||||
<h2 id="policyd-or-cluebringer-postfix-policy-server">Policyd or Cluebringer (Postfix policy server)</h2>
|
<tr>
|
||||||
|
<td>80</td>
|
||||||
|
<td>http</td>
|
||||||
|
<td>Apache/Nginx</td>
|
||||||
|
<td>Web service</td>
|
||||||
|
<td>YES (open to your webmail users)</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>443</td>
|
||||||
|
<td>https</td>
|
||||||
|
<td>Apache/Nginx</td>
|
||||||
|
<td>Web service over over SSL, secure connection. SOGo groupware provides Exchange ActiveSync (EAS) support through port 443.</td>
|
||||||
|
<td>YES (open to your webmail users)</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>3306</td>
|
||||||
|
<td>mysql</td>
|
||||||
|
<td>MySQL/MariaDB</td>
|
||||||
|
<td>MySQL/MariaDB database service</td>
|
||||||
|
<td>NO (listen on <code>127.0.0.1</code> by default)</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>5432</td>
|
||||||
|
<td>postgresql</td>
|
||||||
|
<td>PostgreSQL</td>
|
||||||
|
<td>PostgreSQL database service</td>
|
||||||
|
<td>NO (listen on <code>127.0.0.1</code> by default)</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>389</td>
|
||||||
|
<td>ldap</td>
|
||||||
|
<td>OpenLDAP (or OpenBSD ldapd)</td>
|
||||||
|
<td>LDAP service, STARTTLS is available for secure connection.</td>
|
||||||
|
<td>NO (listen on <code>127.0.0.1</code> by default)</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>636</td>
|
||||||
|
<td>ldaps</td>
|
||||||
|
<td>OpenLDAP (or OpenBSD ldapd)</td>
|
||||||
|
<td>LDAP service over SSL. Deprecated, port 389 with STARTTLS is recommended.</td>
|
||||||
|
<td>NO (listen on <code>127.0.0.1</code> by default)</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>10024</td>
|
||||||
|
<td></td>
|
||||||
|
<td>Amavisd-new</td>
|
||||||
|
<td>Used to scan inbound messages, includes spam/virus scanning, DKIM verification, applying spam policy.</td>
|
||||||
|
<td>NO (listen on <code>127.0.0.1</code> by default)</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>10026</td>
|
||||||
|
<td></td>
|
||||||
|
<td>Amavisd-new</td>
|
||||||
|
<td>Used to scan outbound messages, includes spam/virus scanning, DKIM signing, applying spam policy.</td>
|
||||||
|
<td>NO (listen on <code>127.0.0.1</code> by default)</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>9998</td>
|
||||||
|
<td></td>
|
||||||
|
<td>Amavisd-new</td>
|
||||||
|
<td>Used to manage quarantined emails.</td>
|
||||||
|
<td>NO (listen on <code>127.0.0.1</code> by default)</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>7777</td>
|
||||||
|
<td></td>
|
||||||
|
<td>iRedAPD</td>
|
||||||
|
<td>Postfix policy service for greylisting, whitelisting, blacklists, throttling, etc</td>
|
||||||
|
<td>NO (listen on <code>127.0.0.1</code> by default)</td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
<div class="admonition note">
|
<div class="admonition note">
|
||||||
<p class="admonition-title">Note</p>
|
<p class="admonition-title">Note</p>
|
||||||
<p>Policyd and Cluebringer were removed since iRedMail-0.9.3, they're replaced
|
<p>In iRedMail-0.9.2 and earlier releases, Policyd or Cluebringer listens on
|
||||||
by iRedAPD.</p>
|
port 10031. They have been removed in iRedMail-0.9.3, and replaced by
|
||||||
</div>
|
iRedAPD.</p>
|
||||||
<ul>
|
</div><div class="footer">
|
||||||
<li>10031: default listen port. Listening on IP address <code>127.0.0.1</code> by default.</li>
|
|
||||||
</ul><div class="footer">
|
|
||||||
<p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
|
<p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
|
||||||
</div>
|
</div>
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
|
|
Loading…
Reference in New Issue