Exchange Admin 101: Exchange Server communication ports


Brien M. Posey
09.14.2005


In this article, I explain which ports various Exchange Server components use, so you can get an idea of which you can close for better security, and which must remain open.

The Exchange System Attendant

The Exchange System Attendant is one of the most difficult Exchange components to plan for. It primarily uses inbound TCP port number 135, but it also uses a few random ports for RPC end points (the Exchange System Attendant does not initiate any outbound connections). These random ports use numbers above 1024, but the numbers may change each time the System Attendant is started. If you are using RPC over HTTP, then TCP ports 6002-6004 may also be used for inbound communications.

The Information Store

The Exchange Information Store receives inbound traffic on TCP port 135. If RPC over HTTP is being used, TCP port 6001 is also used for inbound communications. The Information Store does use outbound communications to inform clients of new mail. By default, each Outlook client listens on a random UDP port. These random UDP ports are not used for clients accessing the server through RPC over HTTP. RPC over HTTP makes use of direct server polling instead.

The Message Transfer Agent

The Message Transfer Agent (MTA) is used for communications with Exchange 5.5 servers and for servers that communicate through the X.400 protocol only. The MTA performs RPC-based communications over TCP port number 135. X.400 communications occur over TCP port number 102.

Simple Mail Transfer Protocol (SMTP)

SMTP is one of the core components of Exchange Server, and SMTP traffic must not be blocked. SMTP traffic flows over TCP port 25.

Microsoft Exchange Routing Engine

One of the lesser known Exchange functions that uses a port is the routing engine. The routing engine routes traffic among the various servers within your Exchange organization. The routing engine uses TCP port 691.

World Wide Web Publishing Service

The World Wide Web Publishing Service isn't technically part of Exchange, but rather a part of IIS. Even so, this service provides OWA's core functionality. If the server is acting as an OWA front-end server, then the WWW Publishing Service uses TCP ports 80 and 443 (SSL). The only time that outbound traffic is required to be sent over port 80 is during front-end to back-end server communications.

POP3

Exchange Server 2003 disables POP3 by default, unless the server was upgraded from a previous Exchange version. If your server is using POP3, it listens for inbound traffic on TCP ports 110 and 995 (SSL). Normally, POP3 doesn't transmit outbound traffic. But if POP3 is being used for front-end to back-end server communications, TCP port 110 is used for outbound traffic.

IMAP4

Like POP3, IMAP4 is disabled by default in Exchange Server 2003 unless the server was upgraded from a previous version of Exchange. IMAP4 uses TCP ports 143 and 993 (SSL) for inbound communications. IMAP4 does not transmit outbound traffic unless it is used in a front-end/back-end server configuration, in which case it uses TCP port 443.

NNTP

The Network News Transfer Protocol (NNTP) is also disabled by default unless the server was upgraded to Exchange Server 2003. NNTP uses TCP ports 119 and 563 (SSL) for inbound communications. These same ports are also used for outbound communications if the server is configured to push content to other NNTP servers.

Site Replication Service

The Site Replication Service is RPC-based. As you would expect, this service primarily uses TCP port 135 for inbound and outbound communications, although it sometimes uses additional random TCP ports for outbound communications. Inbound traffic also makes use of TCP port 379.

Active Directory Connector

The Active Directory Connector supports outbound traffic only. Outbound traffic flows over TCP ports 379 and 389.

Exchange Management

Exchange Management isn't really a built-in Exchange service; it's actually a generic term for any Exchange Server management tools based on WMI. A good example of such a tool is Microsoft Operations Manager (MOM). WMI-based tools use RPC and pass inbound traffic through RPC calls across TCP port 135 and other random UDP ports.
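To put the port list above to work, the following added example (not part of the original tip) compares the TCP listeners reported by netstat -ano with the components you actually intend to run, and flags listeners that belong to a component you have not enabled. The component labels, function names and the sample netstat output are constructed for illustration; the port numbers are the ones given in this article.

```python
import re

# Inbound TCP ports per component, as listed in this article (labels chosen here).
INBOUND_TCP = {
    "rpc_endpoint_mapper": {135},   # System Attendant, Information Store, MTA, SRS, WMI
    "rpc_over_http": {6001, 6002, 6003, 6004},
    "x400_mta": {102},
    "smtp": {25},
    "routing_engine": {691},
    "owa": {80, 443},
    "pop3": {110, 995},
    "imap4": {143, 993},
    "nntp": {119, 563},
    "site_replication": {379},
}
PORT_OWNER = {p: name for name, ports in INBOUND_TCP.items() for p in ports}
LISTEN_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING", re.I)

def listening_ports(netstat_text):
    """Return the set of TCP ports in LISTENING state from netstat -ano output."""
    return {int(m.group(1)) for line in netstat_text.splitlines()
            if (m := LISTEN_RE.match(line))}

def audit(netstat_text, enabled):
    """Classify listening ports against the components the admin intends to run."""
    allowed = set().union(*(INBOUND_TCP[c] for c in enabled))
    seen = listening_ports(netstat_text)
    report = {"expected": [], "unneeded": [], "dynamic_or_unknown": [],
              "missing": sorted(allowed - seen)}
    for port in sorted(seen):
        if port in allowed:
            report["expected"].append(port)
        elif port in PORT_OWNER:            # known Exchange port, component not enabled
            report["unneeded"].append((port, PORT_OWNER[port]))
        else:                               # e.g. a random RPC end point above 1024
            report["dynamic_or_unknown"].append(port)
    return report

# Constructed sample: an upgraded server where POP3 is still listening.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:110            0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:691            0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:1172           0.0.0.0:0              LISTENING       2044
  TCP    10.0.0.5:25            10.0.0.9:3321          ESTABLISHED     1480
"""
if __name__ == "__main__":
    print(audit(SAMPLE, ["smtp", "rpc_endpoint_mapper", "routing_engine"]))
```

Ports reported as "unneeded" are candidates for disabling the service and closing the port; ports reported as "dynamic_or_unknown" need a look at the owning PID before any firewall decision, because random RPC end points change each time the service starts.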

About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as the CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at http://www.brienposey.com.

