opening ports 110 and 25 in proxy server

In our LAN environment users are given internet access through Proxy server.We get request from users to open the ports POP3 110 and SMTP 25 in the proxy server.Is there any risk by opening this ports in proxy server?Pl suggest
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hi megavannan,

No, there is no security risks as only mail will be allowed through these 2 ports. You can open them and not worry about security issues.

I'd be slightly concerned about opening port 25, if for some reason you get a virus infection that turns a pc into a spambot, it will send out on port 25, now you should pick this up from the proxy logs that it's suddenly getting a huge amount of traffic on this port and be able to locate the issue.

The other thing is do you want people being able to send/receive email from their desktops? I've worked for companies where this is banned and only work email can be used, depends how harsh your IT policies are.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
I'd agree with drpoppers - are you running a local mail server on the network (ie. exchange)?  If you are running a mail server off site, then best practice would be to permit traffic between the client machines and the remote mail server only.  That also prevents users from sending mail via personal mail accounts from the office.

There are always risks by opening up additional ports, especially commonly know ports.

You'll have to weigh the consequences of opening additional ports.

Do these ports need to be opened for official use? (coorporate email etc...) if so, then you'll have to open the ports and deal with the additional security issues. For example you should have an IDS and content filter.

If these requests are for non-official purposes, like sending their own personal mail, I see no reason why you should entertain those requests. As you said, they already have internet access, they can just use web mail.

Hope that helps.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.