Table A.1 lists protocols and ports used by Windows servers and Exchange servers. It is important to go through them when customizing the firewall you are using. For a complete reference on Exchange security, see the Exchange Security Operations Guide or Paul Robichaux’s book, Securing Exchange 2003 Server.
PORT | TCP/UDP | Name of Service |
---|---|---|
25 | TCP | SMTP |
42 | TCP | WINS Replication |
47 | TCP | GRE for PPTP |
53 | TCP/UDP | DNS Name Resolution |
67 | UDP | DHCP Lease (BOOTP) |
68 | UDP | DHCP Lease |
80 | TCP | HTTP |
88 | TCP/UDP | Kerberos Authentication |
102 | TCP | MTA—X.400 over TCP/IP |
110 | TCP | POP3 |
119 | TCP | NNTP |
135 | TCP | Location Service |
137 | UDP | NetBIOS Name Service |
137 | TCP | WINS Registration |
138 | UDP | NetBIOS Datagram Service |
139 | TCP | NetBIOS Session Service |
Windows NT 4.0 Administration Tools (Server Manager, User Manager, Event Viewer, Registry Editor, Diagnostics, Performance Monitor, DNS Administration) | | |
143 | TCP | IMAP |
389 | TCP/UDP | LDAP |
443 | TCP | HTTP (SSL) |
445 | TCP | Active Directory NetLogon |
465 | TCP | SMTP (SSL) |
500 | TCP/UDP | ISAKMP/Oakley negotiation traffic (IPSEC)—IPSec Internet Key Exchange (IKE) |
522 | TCP | User Location Store |
563 | TCP | NNTP (SSL) |
636 | TCP/UDP | LDAP (over TLS/SSL) |
691 | TCP | SMTP Link State |
750 | TCP/UDP | Kerberos Authentication |
751 | TCP/UDP | Kerberos Authentication |
752 | UDP | Kerberos Password Service |
753 | UDP | Kerberos User Registration Server |
754 | TCP | Kerberos Slave Propagation |
888 | TCP | Logon and Environment Passing |
993 | TCP | IMAP4 (SSL) |
995 | TCP | POP3 (SSL) |
1109 | TCP | POP with Kerberos |
1723 | TCP | PPTP Control Channel (IP Protocol 47—GRE) |
2053 | TCP | Kerberos de-multiplexor |
2105 | TCP | Kerberos encrypted rlogin |
3268 | TCP | Active Directory Global Catalog |
3269 | TCP | Active Directory Global Catalog |
3389 | TCP/RDP | Terminal Services |
The following Microsoft Knowledge Base articles are also excellent references on securing Exchange services exposed to the Internet.
289241 “A List of the Windows Server Domain Controller Default Ports”
http://support.microsoft.com/?id=289241
278339 “XGEN: TCP/UDP Ports Used by Exchange 2000 Server”
http://support.microsoft.com/?id=278339
224196 “Restricting Active Directory Replication Traffic to a Specific Port”
http://support.microsoft.com/?id=224196
280132 “XCCC: Exchange 2000 Windows 2000 Connectivity through Firewalls”
http://support.microsoft.com/?id=280132