Am looking at security of scalix, - I have the most recent version installed under SLES 9
and want to lockdown as much as possible, be sure what services/ports are necessary - running on which ports -and what destination they need access to.
Is there a document which explains this in detail??
firewall network ports?
Moderators: ScalixSupport, admin
-
ScalixSupport
- Scalix
- Posts: 5503
- Joined: Thu Mar 25, 2004 8:15 pm
-
ssl
- Posts: 14
- Joined: Fri Aug 26, 2005 8:28 pm
ok, more detail
Clearly http (or https) needs to be available to wherever people want to reach the web client from (everywhere)
also for people using another email client (e.g. mozilla, thunderbird, outlook)
I plan to open the pop, imap and smtp( auth) ports. (? - I am not clear on whether scalix supports tls for smtp and imap???
I would guess that port 25 for Sendmail would be necessary.
our setup is a single scalix server (community), and I am hoping to get ldap(s) auth to a remote ldap server working, so that would have to be open in that case.
right now I am setting things up via host-based firewall, but when it works will add rules to our lan firewall.
am I missing anything? I see slpd running on my install of suse, and not sure if scalix is using that for anything. - it is holding ports 427 tcp/ udp and port 5353 udp open... ( I am really not familiar with slpd)
I also see a number of other scalix proecessess running advmail.s, omdrs omnssck do they really need to have those ports open - cant imagine in single server that they would need to talk to anyone
also for people using another email client (e.g. mozilla, thunderbird, outlook)
I plan to open the pop, imap and smtp( auth) ports. (? - I am not clear on whether scalix supports tls for smtp and imap???
I would guess that port 25 for Sendmail would be necessary.
our setup is a single scalix server (community), and I am hoping to get ldap(s) auth to a remote ldap server working, so that would have to be open in that case.
right now I am setting things up via host-based firewall, but when it works will add rules to our lan firewall.
am I missing anything? I see slpd running on my install of suse, and not sure if scalix is using that for anything. - it is holding ports 427 tcp/ udp and port 5353 udp open... ( I am really not familiar with slpd)
I also see a number of other scalix proecessess running advmail.s, omdrs omnssck do they really need to have those ports open - cant imagine in single server that they would need to talk to anyone
-
ScalixSupport
- Scalix
- Posts: 5503
- Joined: Thu Mar 25, 2004 8:15 pm
Re: anyone listening?
ssl wrote:hello?
Hello!
You have not told us yet what clients you will be using, but you are on the right track.
sdp is not used by Scalix.
A quick search on the forum reveals: http://www.scalix.com/community/viewtop ... ight=ports
Cheers,
Sascha.
-
ssl
- Posts: 14
- Joined: Fri Aug 26, 2005 8:28 pm
clarification
ok when I said:
"http (or https) needs to be available to wherever people want to reach the web client from (everywhere) "
I mean that people will want to use the web client (SWA?) from "everywhere" = outside firewall
When I said:
"for people using another email client (e.g. mozilla, thunderbird, outlook) "
I mean that people will also be using their email client of choice (typically mozilla or thunderbird, but sometimes outlook) from "everywhere"
for mozilla or thunderbird, they will need pop and imap.. I am not sure what ports are necessary for outlook??
ok, so here are some related questions:
Scalix does SMTP-Auth correct? but does not do TLS, but will do SSL? is this correct ? my ? is will the mail clients above (thunderbird, moz, and outlook) do this.
In addtion, it appears that the same is true for IMAP and POP - scalix does not do TLS? so to proect passwords I need to also set up ssl ports for these services via stunnel? in your experience will all the above clients support this??
thanks in advance for your response
"http (or https) needs to be available to wherever people want to reach the web client from (everywhere) "
I mean that people will want to use the web client (SWA?) from "everywhere" = outside firewall
When I said:
"for people using another email client (e.g. mozilla, thunderbird, outlook) "
I mean that people will also be using their email client of choice (typically mozilla or thunderbird, but sometimes outlook) from "everywhere"
for mozilla or thunderbird, they will need pop and imap.. I am not sure what ports are necessary for outlook??
ok, so here are some related questions:
Scalix does SMTP-Auth correct? but does not do TLS, but will do SSL? is this correct ? my ? is will the mail clients above (thunderbird, moz, and outlook) do this.
In addtion, it appears that the same is true for IMAP and POP - scalix does not do TLS? so to proect passwords I need to also set up ssl ports for these services via stunnel? in your experience will all the above clients support this??
thanks in advance for your response
-
florian
- Scalix
- Posts: 3852
- Joined: Fri Dec 24, 2004 8:16 am
- Location: Frankfurt, Germany
- Contact:
Our current SSL/TLS setup is exclusively based on stunnel. This might change in a future release.
At least for Thunderbird, Apple Mail, Entourage, Outlook express, I can say that they will use IMAPS, POP3S, SMTPS. Support for SSL is more common in email clients than TLS, so setting up separate ports is recommended.
Ping us if you need further help,
Florian.
At least for Thunderbird, Apple Mail, Entourage, Outlook express, I can say that they will use IMAPS, POP3S, SMTPS. Support for SSL is more common in email clients than TLS, so setting up separate ports is recommended.
Ping us if you need further help,
Florian.
Florian von Kurnatowski, Die Harder!
Who is online
Users browsing this forum: No registered users and 20 guests