A.2 Supplemental Exchange security information | Mission-Critical Microsoft Exchange 2003: Designing and Building Reliable Exchange Servers (HP Technologies)

Key protocols and ports for Exchange security configuration

Table A.1 lists protocols and ports used by Windows servers and Exchange servers. It is important to go through them to customize the firewall you are using. For a complete reference on Exchange security, see the Exchange Security Operations Guide or Paul Robichaux’s book, Securing Exchange 2003 Server .

Table A.1: Ports and Protocols for the Services in Windows/Exchange 2000/2003
PORT	TCP/UDP	Name of Service
25	TCP	SMTP
42	TCP	WINS Replication
47	TCP	GRE for PPTP
53	TCP/UDP	DNS Name Resolution
67	UDP	DHCP Lease (BOOTP)
68	UDP	DHCP Lease
80	TCP	HTTP
88	TCP/UDP	Kerberos Authentication
102	TCP	MTA—X.400 over TCP/IP
110	TCP	POP3
119	TCP	NNTP
135	TCP	Location Service RPC RPC EP Mapper WINS Manager DHCP Manager MS DTC
137	UDP	NetBIOS Name Service Logon Sequence Windows NT 4.0 Trusts Windows NT 4.0 Secure Channel Pass Through Validation Browsing Printing
137	TCP	WINS Registration
138	UDP	NetBIOS Datagram Service Logon Sequence Windows NT 4.0 Trusts Windows NT 4.0 Directory Replication Windows NT 4.0 Secure Channel Pass Through Validation NetLogon Browsing Printing
139	TCP	NetBIOS Session Service NBT SMB File Sharing Printing Logon Sequence Windows NT 4.0 Trusts Windows NT 4.0 Directory Replication Windows NT 4.0 Secure Channel Pass Through Validation
		Windows NT 4.0 Administration Tools (Server Manager, User Manager, Event Viewer, Registry Editor, Diagnostics, Performance Monitor, DNS Administration)
143	TCP	IMAP
389	TCP/UDP	LDAP
443	TCP	HTTP (SSL)
445	TCP	Active Directory NetLogon
465	TCP	SMTP (SSL)
500	TCP/UDP	ISAKMP/Oakley negotiation traffic (IPSEC) —IPSec Internet Key Eexchange (IKE)
522	TCP	User Location Store
563	TCP	NNTP (SSL)
636	TCP/UDP	LDAP (over TLS/SSL)
691	TCP	SMTP Link State
750	TCP/UDP	Kerberos Authentication
751	TCP/UDP	Kerberos Authentication
752	UDP	Kerberos Password Service
753	UDP	Kerberos User Registration Server
754	TCP	Kerberos Slave Propagation
888	TCP	Logon and Environment Passing
993	TCP	IMAP4 (SSL)
995	TCP	POP3 (SSL)
1109	TCP	POP with Kerberos
1723	TCP	PPTP Control Channel (IP Protocol 47—GRE)
2053	TCP	Kerberos de-multiplexor
2105	TCP	Kerberos encrypted rlogin
3268	TCP	Active Directory Global Catalog
3269	TCP	Active Directory Global Catalog
3389	TCP/RDP	Terminal Services

The following Microsoft Knowledge Base articles are also excellent references on securing Exchange services exposed to the Internet.

289241 “A List of the Windows Server Domain Controller Default Ports”

 http://support.microsoft.com/?id=289241

278339 “XGEN: TCP/UDP Ports Used by Exchange 2000 Server”

 http://support.microsoft.com/?id=278339

224196 “Restricting Active Directory Replication Traffic to a Specific Port”

 http://support.microsoft.com/?id=224196

280132 “XCCC: Exchange 2000 Windows 2000 Connectivity through Firewalls”

 http://support.microsoft.com/?id=280132