Port | Service | Software | Comment | Allow Public Access? |
---|---|---|---|---|
25 | smtp | Postfix | Normal smtp service, used for server-to-server communication. WARNING: This port MUST be open, otherwise you cannot receive email sent from other servers. | YES |
587 | submission | Postfix | a.k.a. SMTP over TLS. Used by end users to send/submit email. | YES (open to your end users) |
110 | pop3 | Dovecot | Used by end users to retrieve emails via POP3 protocol, secure connection over STARTTLS is available by default. | YES (open to your end users) |
995 | pop3s | Dovecot | Used by end users to restrieve emails via POP3 protocol over SSL. Port 110 with STARTTLS is recommended. | YES (open to your end users) |
143 | imap | Dovecot | Used by end users to retrieve emails via IMAP protocol, secure connection over STARTTLS is available by default. | YES (open to your end users) |
993 | imaps | Dovecot | Used by end users to restrieve emails via IMAP protocol over SSL. Port 143 with STARTTLS is recommended. | YES (open to your end users) |
4190 | managesieve | Dovecot | Sieve service used by end users to manage mail filters. Note: in old iRedMail releases, it's port 2000 (deprecated and not even listed in /etc/services file). |
NO (disabled by default and users are forced to manage mail filters with webmail) |
80 | http | Apache/Nginx | Web service | YES (open to your webmail users) |
443 | https | Apache/Nginx | Web service over over SSL, secure connection. SOGo groupware provides Exchange ActiveSync (EAS) support through port 443. | YES (open to your webmail users) |
3306 | mysql | MySQL/MariaDB | MySQL/MariaDB database service | NO (listen on 127.0.0.1 by default) |
5432 | postgresql | PostgreSQL | PostgreSQL database service | NO (listen on 127.0.0.1 by default) |
389 | ldap | OpenLDAP (or OpenBSD ldapd) | LDAP service, STARTTLS is available for secure connection. | NO (listen on 127.0.0.1 by default) |
636 | ldaps | OpenLDAP (or OpenBSD ldapd) | LDAP service over SSL. Deprecated, port 389 with STARTTLS is recommended. | NO (listen on 127.0.0.1 by default) |
10024 | Amavisd-new | Used to scan inbound messages, includes spam/virus scanning, DKIM verification, applying spam policy. | NO (listen on 127.0.0.1 by default) |
|
10026 | Amavisd-new | Used to scan outbound messages, includes spam/virus scanning, DKIM signing, applying spam policy. | NO (listen on 127.0.0.1 by default) |
|
9998 | Amavisd-new | Used to manage quarantined emails. | NO (listen on 127.0.0.1 by default) |
|
7777 | iRedAPD | Postfix policy service for greylisting, whitelisting, blacklists, throttling, etc | NO (listen on 127.0.0.1 by default) |
|
7779 | mlmmjadmin | RESTful API server used to manage mlmmj mailing lists. New in iRedMail-0.9.8. | NO (listen on 127.0.0.1 by default) |
|
24242 | Dovecot | Dovecot service status. New in iRedMail-0.9.8. | NO (listen on 127.0.0.1 by default) |
|
19999 | Netdata | Netdata monitor. New in iRedMail-0.9.8. | NO (listen on 127.0.0.1 by default) |
Note
In iRedMail-0.9.2 and earlier releases, Policyd or Cluebringer listens on port 10031. They have been removed in iRedMail-0.9.3, and replaced by iRedAPD.
Port 465, a.k.a. SMTP over SSL, has been deprecated for years. Please use port 587 instead.