elmau
/
iredmail-doc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update en_US/overview/0-network.ports.md to use a html table for clearer explaination.

This commit is contained in:
Zhang Huangbin 2016-11-15 14:11:47 +08:00
parent 4e5ea28ac9
commit 17c7606f8d
2 changed files with 166 additions and 135 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
en_US/overview/0-network.ports.md
View File

@ -1,66 +1,28 @@
# Which network ports are open by iRedMail # Which network ports are open by iRedMail
[TOC] Port | Service | Software | Comment | Allow Public Access?
--- |--- |--- |--- |---
## SMTP (Postfix) 25 | smtp | Postfix | Normal smtp service, used for server-to-server communication. | YES
587 | submission | Postfix | a.k.a. SMTP over TLS. Used by end users to send/submit email. | YES (open to your end users)
* 25: normal smtp port, used for server-to-server communication. 465 | smtps | Postfix | a.k.a. SMTP over SSL. Deprecated and disabled by default, please use port 587 instead. | YES (open to your end users)
* 587: Submission (SMTP over TLS), used for mail clients to send email. 110 | pop3 | Dovecot | Used by end users to retrieve emails via POP3 protocol, secure connection over STARTTLS is available by default. | YES (open to your end users)
* 465: smtps (SMTP over SSL). Deprecated, and disabled by default, please use 995 | pop3s | Dovecot | Used by end users to restrieve emails via POP3 protocol over SSL. Port 110 with STARTTLS is recommended. | YES (open to your rend users)
port 587 instead. 143 | imap |Dovecot | Used by end users to retrieve emails via IMAP protocol, secure connection over STARTTLS is available by default. | YES (open to your end users)
993 | imaps | Dovecot | Used by end users to restrieve emails via IMAP protocol over SSL. Port 143 with STARTTLS is recommended. | YES (open to your rend users)
## POP3/IMAP (Dovecot) 4190 | managesieve | Dovecot | Sieve service used by end users to manage mail filters. Note: in old iRedMail releases, it's port 2000 (deprecated and not even listed in `/etc/services` file). | YES (open to your end users, or disabled and force users to manage mail filters with webmail)
80 | http | Apache/Nginx | Web service | YES (open to your webmail users)
* 110: POP3 service, insecure connection. Supports STARTTLS for secure connection. 443 | https | Apache/Nginx | Web service over over SSL, secure connection. SOGo groupware provides Exchange ActiveSync (EAS) support through port 443. | YES (open to your webmail users)
* 995: POP3S (Secure POP3 over SSL). Deprecated, recommended to use port 110 with STARTTLS. 3306 | mysql | MySQL/MariaDB | MySQL/MariaDB database service | NO (listen on `127.0.0.1` by default)
* 143: IMAP service, insecure connection. Supports STARTTLS for secure connection. 5432 | postgresql | PostgreSQL | PostgreSQL database service | NO (listen on `127.0.0.1` by default)
* 993: IMAPS (Secure IMAP over SSL). Deprecated, recommended to use port 143 with STARTTLS. 389 | ldap | OpenLDAP (or OpenBSD ldapd) | LDAP service, STARTTLS is available for secure connection. | NO (listen on `127.0.0.1` by default)
* 4190: managesieve service. (Refuse connections from external network in iptables by default). Note: in old iRedMail releases, it's port 2000, it's deprecated and not even listed in `/etc/services` file. 636 |ldaps | OpenLDAP (or OpenBSD ldapd) | LDAP service over SSL. Deprecated, port 389 with STARTTLS is recommended. | NO (listen on `127.0.0.1` by default)
10024 | | Amavisd-new | Used to scan inbound messages, includes spam/virus scanning, DKIM verification, applying spam policy. | NO (listen on `127.0.0.1` by default)
## Web server (Apache or Nginx) 10026 | | Amavisd-new | Used to scan outbound messages, includes spam/virus scanning, DKIM signing, applying spam policy. | NO (listen on `127.0.0.1` by default)
9998 | | Amavisd-new | Used to manage quarantined emails. | NO (listen on `127.0.0.1` by default)
* 80: normal web service port 7777 | | iRedAPD | Postfix policy service for greylisting, whitelisting, blacklists, throttling, etc | NO (listen on `127.0.0.1` by default)
* 443: HTTPS (http over SSL, secure connection)
SOGo groupware provides Exchange ActiveSync (EAS) support through port 443.
## MySQL
* 3306: default listen port. Listening on IP address `127.0.0.1` by default.
## PostgreSQL
* 5432: default listen port. Listening on IP address `127.0.0.1` by default.
## OpenLDAP
* 389: normal LDAP port, supports STARTTLS for secure connection.
* 636: LDAP over SSL. Deprecated, recommended to use port 387 with STARTTLS for
secure connection.
Listening on all available network interfaces by default, but access from
external network is blocked by firewall (iptables, pf).
## Amavisd-new
* 10024: port used for inbound messages, includes spam/virus scanning, DKIM
verification, applying spam policy.
* 10026: port used for outbound messages, includes spam/virus scanning, DKIM
signing, apply spam policy.
* 9998: port used to manage quarantined emails.
All ports are listening on `127.0.0.1` by default.
## iRedAPD (Postfix policy server)
* 7777: default listen port. Listening on IP address `127.0.0.1` by default,
offers greylisting, whitelisting, blacklists, throttling, and other features.
## Policyd or Cluebringer (Postfix policy server)
!!! note !!! note
Policyd and Cluebringer were removed since iRedMail-0.9.3, they're replaced In iRedMail-0.9.2 and earlier releases, Policyd or Cluebringer listens on
by iRedAPD. port 10031. They have been removed in iRedMail-0.9.3, and replaced by
iRedAPD.
* 10031: default listen port. Listening on IP address `127.0.0.1` by default.

217
html/network.ports.html
View File

@ -16,82 +16,151 @@
<span>iRedMail</span> <span>iRedMail</span>
</a> </a>
&nbsp;&nbsp;//&nbsp;&nbsp;<a href="./index.html">Document Index</a></div><h1 id="which-network-ports-are-open-by-iredmail">Which network ports are open by iRedMail</h1> &nbsp;&nbsp;//&nbsp;&nbsp;<a href="./index.html">Document Index</a></div><h1 id="which-network-ports-are-open-by-iredmail">Which network ports are open by iRedMail</h1>
<div class="toc"> <table>
<ul> <thead>
<li><a href="#which-network-ports-are-open-by-iredmail">Which network ports are open by iRedMail</a><ul> <tr>
<li><a href="#smtp-postfix">SMTP (Postfix)</a></li> <th>Port</th>
<li><a href="#pop3imap-dovecot">POP3/IMAP (Dovecot)</a></li> <th>Service</th>
<li><a href="#web-server-apache-or-nginx">Web server (Apache or Nginx)</a></li> <th>Software</th>
<li><a href="#mysql">MySQL</a></li> <th>Comment</th>
<li><a href="#postgresql">PostgreSQL</a></li> <th>Allow Public Access?</th>
<li><a href="#openldap">OpenLDAP</a></li> </tr>
<li><a href="#amavisd-new">Amavisd-new</a></li> </thead>
<li><a href="#iredapd-postfix-policy-server">iRedAPD (Postfix policy server)</a></li> <tbody>
<li><a href="#policyd-or-cluebringer-postfix-policy-server">Policyd or Cluebringer (Postfix policy server)</a></li> <tr>
</ul> <td>25</td>
</li> <td>smtp</td>
</ul> <td>Postfix</td>
</div> <td>Normal smtp service, used for server-to-server communication.</td>
<h2 id="smtp-postfix">SMTP (Postfix)</h2> <td>YES</td>
<ul> </tr>
<li>25: normal smtp port, used for server-to-server communication.</li> <tr>
<li>587: Submission (SMTP over TLS), used for mail clients to send email.</li> <td>587</td>
<li>465: smtps (SMTP over SSL). Deprecated, and disabled by default, please use <td>submission</td>
port 587 instead.</li> <td>Postfix</td>
</ul> <td>a.k.a. SMTP over TLS. Used by end users to send/submit email.</td>
<h2 id="pop3imap-dovecot">POP3/IMAP (Dovecot)</h2> <td>YES (open to your end users)</td>
<ul> </tr>
<li>110: POP3 service, insecure connection. Supports STARTTLS for secure connection.</li> <tr>
<li>995: POP3S (Secure POP3 over SSL). Deprecated, recommended to use port 110 with STARTTLS.</li> <td>465</td>
<li>143: IMAP service, insecure connection. Supports STARTTLS for secure connection.</li> <td>smtps</td>
<li>993: IMAPS (Secure IMAP over SSL). Deprecated, recommended to use port 143 with STARTTLS.</li> <td>Postfix</td>
<li>4190: managesieve service. (Refuse connections from external network in iptables by default). Note: in old iRedMail releases, it's port 2000, it's deprecated and not even listed in <code>/etc/services</code> file.</li> <td>a.k.a. SMTP over SSL. Deprecated and disabled by default, please use port 587 instead.</td>
</ul> <td>YES (open to your end users)</td>
<h2 id="web-server-apache-or-nginx">Web server (Apache or Nginx)</h2> </tr>
<ul> <tr>
<li>80: normal web service port</li> <td>110</td>
<li>443: HTTPS (http over SSL, secure connection)</li> <td>pop3</td>
</ul> <td>Dovecot</td>
<p>SOGo groupware provides Exchange ActiveSync (EAS) support through port 443.</p> <td>Used by end users to retrieve emails via POP3 protocol, secure connection over STARTTLS is available by default.</td>
<h2 id="mysql">MySQL</h2> <td>YES (open to your end users)</td>
<ul> </tr>
<li>3306: default listen port. Listening on IP address <code>127.0.0.1</code> by default.</li> <tr>
</ul> <td>995</td>
<h2 id="postgresql">PostgreSQL</h2> <td>pop3s</td>
<ul> <td>Dovecot</td>
<li>5432: default listen port. Listening on IP address <code>127.0.0.1</code> by default.</li> <td>Used by end users to restrieve emails via POP3 protocol over SSL. Port 110 with STARTTLS is recommended.</td>
</ul> <td>YES (open to your rend users)</td>
<h2 id="openldap">OpenLDAP</h2> </tr>
<ul> <tr>
<li>389: normal LDAP port, supports STARTTLS for secure connection.</li> <td>143</td>
<li>636: LDAP over SSL. Deprecated, recommended to use port 387 with STARTTLS for <td>imap</td>
secure connection.</li> <td>Dovecot</td>
</ul> <td>Used by end users to retrieve emails via IMAP protocol, secure connection over STARTTLS is available by default.</td>
<p>Listening on all available network interfaces by default, but access from <td>YES (open to your end users)</td>
external network is blocked by firewall (iptables, pf).</p> </tr>
<h2 id="amavisd-new">Amavisd-new</h2> <tr>
<ul> <td>993</td>
<li>10024: port used for inbound messages, includes spam/virus scanning, DKIM <td>imaps</td>
verification, applying spam policy.</li> <td>Dovecot</td>
<li>10026: port used for outbound messages, includes spam/virus scanning, DKIM <td>Used by end users to restrieve emails via IMAP protocol over SSL. Port 143 with STARTTLS is recommended.</td>
signing, apply spam policy.</li> <td>YES (open to your rend users)</td>
<li>9998: port used to manage quarantined emails.</li> </tr>
</ul> <tr>
<p>All ports are listening on <code>127.0.0.1</code> by default.</p> <td>4190</td>
<h2 id="iredapd-postfix-policy-server">iRedAPD (Postfix policy server)</h2> <td>managesieve</td>
<ul> <td>Dovecot</td>
<li>7777: default listen port. Listening on IP address <code>127.0.0.1</code> by default, <td>Sieve service used by end users to manage mail filters. Note: in old iRedMail releases, it's port 2000 (deprecated and not even listed in <code>/etc/services</code> file).</td>
offers greylisting, whitelisting, blacklists, throttling, and other features.</li> <td>YES (open to your end users, or disabled and force users to manage mail filters with webmail)</td>
</ul> </tr>
<h2 id="policyd-or-cluebringer-postfix-policy-server">Policyd or Cluebringer (Postfix policy server)</h2> <tr>
<td>80</td>
<td>http</td>
<td>Apache/Nginx</td>
<td>Web service</td>
<td>YES (open to your webmail users)</td>
</tr>
<tr>
<td>443</td>
<td>https</td>
<td>Apache/Nginx</td>
<td>Web service over over SSL, secure connection. SOGo groupware provides Exchange ActiveSync (EAS) support through port 443.</td>
<td>YES (open to your webmail users)</td>
</tr>
<tr>
<td>3306</td>
<td>mysql</td>
<td>MySQL/MariaDB</td>
<td>MySQL/MariaDB database service</td>
<td>NO (listen on <code>127.0.0.1</code> by default)</td>
</tr>
<tr>
<td>5432</td>
<td>postgresql</td>
<td>PostgreSQL</td>
<td>PostgreSQL database service</td>
<td>NO (listen on <code>127.0.0.1</code> by default)</td>
</tr>
<tr>
<td>389</td>
<td>ldap</td>
<td>OpenLDAP (or OpenBSD ldapd)</td>
<td>LDAP service, STARTTLS is available for secure connection.</td>
<td>NO (listen on <code>127.0.0.1</code> by default)</td>
</tr>
<tr>
<td>636</td>
<td>ldaps</td>
<td>OpenLDAP (or OpenBSD ldapd)</td>
<td>LDAP service over SSL. Deprecated, port 389 with STARTTLS is recommended.</td>
<td>NO (listen on <code>127.0.0.1</code> by default)</td>
</tr>
<tr>
<td>10024</td>
<td></td>
<td>Amavisd-new</td>
<td>Used to scan inbound messages, includes spam/virus scanning, DKIM verification, applying spam policy.</td>
<td>NO (listen on <code>127.0.0.1</code> by default)</td>
</tr>
<tr>
<td>10026</td>
<td></td>
<td>Amavisd-new</td>
<td>Used to scan outbound messages, includes spam/virus scanning, DKIM signing, applying spam policy.</td>
<td>NO (listen on <code>127.0.0.1</code> by default)</td>
</tr>
<tr>
<td>9998</td>
<td></td>
<td>Amavisd-new</td>
<td>Used to manage quarantined emails.</td>
<td>NO (listen on <code>127.0.0.1</code> by default)</td>
</tr>
<tr>
<td>7777</td>
<td></td>
<td>iRedAPD</td>
<td>Postfix policy service for greylisting, whitelisting, blacklists, throttling, etc</td>
<td>NO (listen on <code>127.0.0.1</code> by default)</td>
</tr>
</tbody>
</table>
<div class="admonition note"> <div class="admonition note">
<p class="admonition-title">Note</p> <p class="admonition-title">Note</p>
<p>Policyd and Cluebringer were removed since iRedMail-0.9.3, they're replaced <p>In iRedMail-0.9.2 and earlier releases, Policyd or Cluebringer listens on
by iRedAPD.</p> port 10031. They have been removed in iRedMail-0.9.3, and replaced by
</div> iRedAPD.</p>
<ul> </div><div class="footer">
<li>10031: default listen port. Listening on IP address <code>127.0.0.1</code> by default.</li>
</ul><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p> <p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div> </div>
<script type="text/javascript"> <script type="text/javascript">