Solved

Exchange ports

Posted on 2006-07-18
7
344 Views
Last Modified: 2010-03-06
What ports do I need to have open on a 2003 server running Exchange 2003. Also what is the best way to close ports that are not needed.
0
Comment
Question by:s2cott
  • 3
  • 2
7 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 17132022
What is your objective?

Ports where?
Internally?
Externally?
To the internet?
Somewhere else?

More information is required.

Simon.
0
 

Author Comment

by:s2cott
ID: 17132168
What is your objective? I am at a University so we are constantly under attack. We sit behind 2 firewalls but there are ways through.

Ports where? On the Exchange server it self
Internally?
Externally?
To the internet?
Somewhere else?

We also use OWA. Ifo needs to be sent back and forth between Exchange server and also out to the internet.

More information is required.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17133009
Unfortunately that still doesn't help.

The ports open to the internet are not the full list of ports that Exchange uses.

If you are using OWA, then the least ports you can get away with are 25 (SMTP) and 443 (HTTPS). In fact most Exchange sites could probably get away with just those.
However if you have machines outside of the network that are accessing the server via POP3, IMAP etc then you need to open those as well.

Are you talking about ports through the firewall from the internet - or an attempt to protect the Exchange server from attacks inside the network?
If you want to firewall the Exchange server itself, then you may as well give up now, as the large number of ports it requires to talk to Outlook clients and domain controllers will basically make the firewall useless.

Simon.
0
 

Author Comment

by:s2cott
ID: 17133131
I do not need the ports relating to accessing the firewall.
I am hoping for a list of the ports that need to be open on a exchange server
0
 
LVL 104

Accepted Solution

by:
Sembee earned 50 total points
ID: 17133198
Ok if you insist...

SMTP: 25
LDAP (DC lookup): 389
LDAP (GC lookup): 3268
NetBIOS (ports): 135, 139, 1024+ (default config is usually 6000 something).
DNS: 53
RPC: 111, 135, 1024+
Netlogon: 445
Kerberos: 88
OWA: 80 (HTTP), 443 (HTTPS)
IMAP4: 143, 993 (with SSL) SSL  
POP3:110, 995 (with SSL)

That is the minimum required, but will basically provide you with no protection whatsoever from attacks. The biggie is 135 NETBIOS, probably the most dangerous port to have open.

Simon.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
Find out what you should include to make the best professional email signature for your organization.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now