Re: POP3 and SBS 2003 Problem
From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 10/02/04
- Next message: Merv Porter [SBS-MVP]: "Re: Problem with ms update"
- Previous message: Bernard George: "Re: No email using Pop 3 Connector"
- In reply to: Mike R.: "Re: POP3 and SBS 2003 Problem"
- Next in thread: Mike R.: "Re: POP3 and SBS 2003 Problem"
- Reply: Mike R.: "Re: POP3 and SBS 2003 Problem"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 2 Oct 2004 10:41:04 -0400
Mike R. wrote:
>> DO you mean you have this HORRENDOUS list of ports open incoming
>> through your firewall?
>
> I guess since these are configured ports that I can see under my
> Linksys Firewall.
> Ok, let me tell you the services that I need and maybe you can tell
> me the only ports that I need to leave open and remove the rest of
> them:
>
> POP3 (110), SMTP (25), Remote Access (3389), VPN, VNC (5900), FTP
> (20,21), HTTP (80), HTTPS (443), Media Services (1755)
110: I don't recommend anyone connecting via POP - you will invariably end
up with them losing mail. Have remote users use OWA and/or set up VPN/RPC
over HTTP(s).
25: Needed so you can receive mail via SMTP, so that's all good.
3389: Remote Desktop, that's OK.
5900: VNC - not needed - I would close this.
20,21: Close these - potentially VERY dangerous. If you need an FTP server,
get another box, stick it in your DMZ.
80: If you force OWA to use SSL, you can and should close this. Do not host
public websites on your server. If you need a public webserver, get another
box and stick it in your DMZ.
1725: Why do you need this open inbound??
>
>> As well as open incoming on your firewall are you also redirecting
>> them to your server?
>
> Yes, I am redirecting them to the IP which the Router/Firewall is
> connecting to. Note that I have 2 NICs. one is connecting to Internet
> (Router/Firewall) and one is connecting to my local network.
>
>> Are you talking about a separate firewall appliance or ISA?
>
> Separate firewall which is sitting between internet and Server. Not
> between server and stations.
>
>> Please list each port and TCP/UDP type separately and explain WHY
>> you feel you need all this rubbish open. Please include the
>> direction you have opened the traffic and whether it is 'open' or
>> redirected to the server.
>
> I have listed the ones that I know I'll need above.
>
>>> DMZ, SNMP, and UPnP are disabled.
>>
>> WHY???? You've opened just about everything else, why not throw
>> these in for good measure?
>
> I agree. LOL
>
>> It's GOOD that your remote users can't send via your server. They
>> should be sending via their ISP's outgoing server.
>
> I know but what if I want to provide this to them as well?
>
> I really appreciate your time.
>
> Thanks,
>
> Mike