opening ports 110 and 25 in proxy server

Posted on 2008-11-11
Last Modified: 2012-05-05
In our LAN environment users are given internet access through Proxy server.We get request from users to open the ports POP3 110 and SMTP 25 in the proxy server.Is there any risk by opening this ports in proxy server?Pl suggest
Question by:megavannan
    LVL 16

    Expert Comment

    Hi megavannan,

    No, there is no security risks as only mail will be allowed through these 2 ports. You can open them and not worry about security issues.

    LVL 3

    Accepted Solution

    I'd be slightly concerned about opening port 25, if for some reason you get a virus infection that turns a pc into a spambot, it will send out on port 25, now you should pick this up from the proxy logs that it's suddenly getting a huge amount of traffic on this port and be able to locate the issue.

    The other thing is do you want people being able to send/receive email from their desktops? I've worked for companies where this is banned and only work email can be used, depends how harsh your IT policies are.
    LVL 14

    Expert Comment

    I'd agree with drpoppers - are you running a local mail server on the network (ie. exchange)?  If you are running a mail server off site, then best practice would be to permit traffic between the client machines and the remote mail server only.  That also prevents users from sending mail via personal mail accounts from the office.

    LVL 13

    Expert Comment

    There are always risks by opening up additional ports, especially commonly know ports.

    You'll have to weigh the consequences of opening additional ports.

    Do these ports need to be opened for official use? (coorporate email etc...) if so, then you'll have to open the ports and deal with the additional security issues. For example you should have an IDS and content filter.

    If these requests are for non-official purposes, like sending their own personal mail, I see no reason why you should entertain those requests. As you said, they already have internet access, they can just use web mail.

    Hope that helps.

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    Join & Write a Comment

    Read about achieving the basic levels of HRIS security in the workplace.
    Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now