Solved

Exchange ports

Posted on 2006-07-18
7
343 Views
Last Modified: 2010-03-06
What ports do I need to have open on a 2003 server running Exchange 2003. Also what is the best way to close ports that are not needed.
0
Comment
Question by:s2cott
  • 3
  • 2
7 Comments
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
What is your objective?

Ports where?
Internally?
Externally?
To the internet?
Somewhere else?

More information is required.

Simon.
0
 

Author Comment

by:s2cott
Comment Utility
What is your objective? I am at a University so we are constantly under attack. We sit behind 2 firewalls but there are ways through.

Ports where? On the Exchange server it self
Internally?
Externally?
To the internet?
Somewhere else?

We also use OWA. Ifo needs to be sent back and forth between Exchange server and also out to the internet.

More information is required.
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
Unfortunately that still doesn't help.

The ports open to the internet are not the full list of ports that Exchange uses.

If you are using OWA, then the least ports you can get away with are 25 (SMTP) and 443 (HTTPS). In fact most Exchange sites could probably get away with just those.
However if you have machines outside of the network that are accessing the server via POP3, IMAP etc then you need to open those as well.

Are you talking about ports through the firewall from the internet - or an attempt to protect the Exchange server from attacks inside the network?
If you want to firewall the Exchange server itself, then you may as well give up now, as the large number of ports it requires to talk to Outlook clients and domain controllers will basically make the firewall useless.

Simon.
0
 

Author Comment

by:s2cott
Comment Utility
I do not need the ports relating to accessing the firewall.
I am hoping for a list of the ports that need to be open on a exchange server
0
 
LVL 104

Accepted Solution

by:
Sembee earned 50 total points
Comment Utility
Ok if you insist...

SMTP: 25
LDAP (DC lookup): 389
LDAP (GC lookup): 3268
NetBIOS (ports): 135, 139, 1024+ (default config is usually 6000 something).
DNS: 53
RPC: 111, 135, 1024+
Netlogon: 445
Kerberos: 88
OWA: 80 (HTTP), 443 (HTTPS)
IMAP4: 143, 993 (with SSL) SSL  
POP3:110, 995 (with SSL)

That is the minimum required, but will basically provide you with no protection whatsoever from attacks. The biggie is 135 NETBIOS, probably the most dangerous port to have open.

Simon.
0

Featured Post

Why do Marketing keep bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

Join & Write a Comment

Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now