7073 port should be closed for internet?

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
BharathS
Advanced member
Advanced member
Posts: 52
Joined: Wed Nov 26, 2014 12:42 am

7073 port should be closed for internet?

Post by BharathS »

Hi Team,

I see some brute force attempts being made to my server through the zimbra soap port 7073, this port is open for internet from my zimbra server, I read wiki article here "https://wiki.zimbra.com/wiki/Security/Collab/87" says saslauthd now listens on 7073 and this port should firewalld blocked from internet, should I close this port from internet?

brute force log:
Jan 18 22:26:43 zimbra saslauthd[22999]: zmauth: authenticating against elected url 'https://myzimbra.server.com:7073/service/admin/soap/' ...
Jan 18 22:26:43 zimbra saslauthd[22999]: zmpost: url='https://myzimbra.server.com:7073/service/admin/soap/' returned buffer->data='<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope ... r><context xmlns="urn:zimbra"/></soap:Header><soap:Body><soap:Fault><soap:Code><soap:Value>soap:Sender</soap:Value></soap:Code><soap:Reason><soap:Text>authentication failed for [admin]</soap:Text></soap:Reason><soap:Detail><Error xmlns="urn:zimbra"><Code>account.AUTH_FAILED</Code><Trace>qtp1595953398-23308:1547850403794:c49f5585b5ad6cfd</Trace></Error></soap:Detail></soap:Fault></soap:Body></soap:Envelope>', hti->error=''
Jan 18 22:26:43 zimbra saslauthd[22999]: auth_zimbra: admin auth failed: authentication failed for [admin]
Jan 18 22:26:43 zimbra saslauthd[22999]: do_auth : auth failure: [user=admin] [service=smtp] [realm=] [mech=zimbra] [reason=Unknown]
Jan 18 22:26:43 zimbra postfix/smtpd[27976]: warning: merenipc1.chamelon.p2.tiktalik.io[x.x.x.x]: SASL LOGIN authentication failed: authentication failure
lytledd
Outstanding Member
Outstanding Member
Posts: 536
Joined: Sat Sep 13, 2014 12:54 am
ZCS/ZD Version: Release 9.0.0.ZEXTRAS.20221203 FOSS

Re: 7073 port should be closed for internet?

Post by lytledd »

In my opinion, the only ports that should be open to the internet are those that are servicing your users. Email ports and the User's web interface on HTTPS. All other ports should be closed.

Doug
karthikeyan
Posts: 1
Joined: Wed Mar 10, 2021 6:20 am

Re: 7073 port should be closed for internet?

Post by karthikeyan »

How do i close the 7073 port in zimbra?
GlooM
Advanced member
Advanced member
Posts: 127
Joined: Sat Sep 13, 2014 12:50 am

Re: 7073 port should be closed for internet?

Post by GlooM »

karthikeyan wrote:How do i close the 7073 port in zimbra?
Use Linux iptables firewall.
lytledd
Outstanding Member
Outstanding Member
Posts: 536
Joined: Sat Sep 13, 2014 12:54 am
ZCS/ZD Version: Release 9.0.0.ZEXTRAS.20221203 FOSS

Re: 7073 port should be closed for internet?

Post by lytledd »

I do not have my Zimbra server directly on the internet. I have it sitting behind a pfSense firewall on my DMZ.

pfSense rules handle what is sent to the mail server.

Doug
Post Reply