
Hello everyone,

I've got an Exchange server running at home, working fine and all that. I've got IMAP open, and OWA. Other than that, what ports are required to be open so that email can be received by my server, etc? I want to close off unnecessary ports / lock down the Exchange server.

Last thing I want is my server being used to send SPAM mail.

I've got 25 (SMTP) and 53 (DNS) open at the moment, going to the server.

Cheers,

lieb39

https://www.neowin.net/forum/topic/651093-ports-required-for-mail-server/

Curious what type of connection you have? Running a server on a home connection to receive email is rarely an issue unless your ISP blocks 25. It's quite often the sending to the major domain players that can be a problem. Quite a lot of them will block email from dynamic listed IPs, i.e. home type connections. Others can block if your PTR does not match your forward for your IP, etc.

Some tell you right up front, others will just drop your messages without notice, etc.

--

Connected to mailin-02.mx.aol.com.

Escape character is '^]'.

554- (RTR:DU) http://postmaster.info.aol.com/errors/554rtrdu.html

554 Connecting IP: 71.x.x.x

Connection closed by foreign host.

AOL works with http://www.spamhaus.org to maintain lists of dynamic and residential IP addresses using the PBL database. Per our E-mail Guidelines, we do not accept mail from these addresses, as it is difficult to determine who is responsible for mail being generated by these IP's.

--

To be honest, running an email server other than for play/testing on a home connection ends up being nothing more than an exercise in futility and a waste of time and money. Gmail for example will host your domain's email for FREE if you were not aware ;) So why should you spend time and effort and money running an Exchange server that could have issues sending to major domains, etc.. Having to worry if it's up, is it sending spam, etc.. etc.. So good luck.

Whether ports are open or not has little to do with your Exchange server ending up a spam relay. If the server is not listening on the ports it makes little difference if they are open or not. Problem with a Windows server is you would not want all the file sharing/Windows ports open to the public. But if all of these services were turned off -- and it was only listening on the ports used, etc.

As stated, unless the box is running DNS -- it has no use for 53 open to it. How is this box connected to the public net? Directly with a public IP, or is it behind a NAT router - or just a firewall? How are you allowing/disallowing ports to it?

As to hardening Exchange - what flavor of Exchange?

http://technet.microsoft.com/en-us/library/aa996732.aspx

Introduction to the Exchange Server 2003 Security Hardening Guide

http://www.msexchange.org/articles_tutoria...2007-part1.html

Hardening Exchange Server 2007 - Part 1: Introductory Steps

As to using self-signed certs.. Depends on how you are using it -- if just you or a few of your friends, etc.. Then a self-signed cert, or a free one from http://www.cacert.org/ is JUST fine.. The only reason you would ever have to pay for an SSL cert is depending on the userbase -- i.e. do you want them to have to add trust to their browser for your CA, or some other third party CA.. Or do you want their browser to auto trust it, since it's signed by a major player CA.

There is NO difference in performance or security between a self-signed or free issued SSL cert -- it just comes down to if the user's browser will trust it out of the box is all. Also the major players make you prove who you are, so your customers can have some trust that you're really Company X running domainX and that you have legal right to the domain, etc.

Edited by BudMan
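
The reply above turns on which services are actually listening on the server, not only which ports the firewall forwards. The following is an added example, not code from either poster: it parses Windows `netstat -an` output and reports listeners reachable from other hosts that are outside the intended set. The sample output and the allow list (25, 143, and 443 on the assumption that OWA is published over HTTPS) are constructed for illustration.

```python
import re

# Intended public services from the thread: SMTP, IMAP, OWA.
# Assumption: OWA is published over HTTPS on 443.
ALLOWED_TCP = {25: "SMTP", 143: "IMAP", 443: "OWA (HTTPS)"}

# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:143            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:53           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:25        203.0.113.7:51544      ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:53             *:*
"""

# proto, local address, local port, foreign address, optional state (UDP has none)
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def listeners(netstat_text):
    """Yield (proto, address, port) for listening TCP and bound UDP sockets."""
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header or unrelated line
        proto, addr, port, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established or closing connections are not listeners
        yield proto, addr.strip("[]"), int(port)

def audit(netstat_text, allowed=ALLOWED_TCP):
    """Return sorted (proto, port) pairs that listen off-loopback and are not allowed."""
    findings = set()
    for proto, addr, port in listeners(netstat_text):
        if addr.startswith("127.") or addr == "::1":
            continue  # loopback only, not reachable from the network
        if proto == "TCP" and port in allowed:
            continue
        findings.add((proto, port))
    return sorted(findings)

if __name__ == "__main__":
    for proto, port in audit(SAMPLE):
        print(f"unexpected listener: {proto}/{port}")
```

On the constructed sample this flags the Windows RPC and file-sharing ports (135, 139, 445) and the DNS listener on UDP 53, which are the services to disable or firewall before the box faces the internet.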