RE: Securing Exchange Server

[Ben Winzenz]

Title: Message

IT Depends!  How many NIC's are in this server?  Only one?  Then no.  If you turn off everything but those three ports, then you WILL break the server.  Including communication between the PDC and BDC.  You HAVE to have at least 2 NICS in there to accomplish what you want.  You cannot only have those 3 protocols active inside your domain.   Ben Winzenz, MCSE Network/Systems Administrator Peregrine Systems   -----Original Message----- From: Manish Govindji [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 21, 2002 3:36 PM To: MS-Exchange Admin Issues Subject: Re: Securing Exchange Server   is there no way to close ports not needed on the server, protocols, properties.    Just allow port 25, 110 for the  exchange to breath.  So that all the 135, 137, 139, and the rest are closed. ----- Original Message ----- From: Allen Crawford To: MS-Exchange Admin Issues Sent: Thursday, February 21, 2002 11:28 PM Subject: RE: Securing Exchange Server   Or to make things easy, you might want to buy a Linksys Cable/DSL router (or similar device).  That would be much better than nothing.   -----Original Message----- From: Ben Winzenz [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 21, 2002 3:23 PM To: MS-Exchange Admin Issues Subject: RE: Securing Exchange Server   You can turn off unused/unwanted protocols under the Site, Configuration, Protocols, properties for each protocol.  This should render the ports inactive and unable to accept connections on them.  You can also do the same on a per server basis under the Server, Protocols, properties for each protocol.  This will cover the Exchange protocols only though.   I really think that if you are wanting to filter that many ports, you should look at a firewall.  Heck, even if it is a software firewall to start with.  It would be better than nothing.   Ben Winzenz, MCSE Network/Systems Administrator Peregrine Systems   -----Original Message----- From: William Lefkovics [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 21, 2002 3:14 PM To: MS-Exchange Admin Issues Subject: RE: Securing Exchange Server   Why no SSL? -----Original Message----- From: Manish Govindji [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 21, 2002 12:11 PM To: MS-Exchange Admin Issues Subject: Re: Securing Exchange Server Thanks for the reply.   Not for relay, but we do not have any firewall as yet, and i would like to close unecessary ports. Its a fresh installtion NT server PDC, Exchange 5.5. So all the ports are open. I just want 25, 110, 80 to be open.   I tried that on TCP/IP security and nobody could connect to mail server ....     ----- Original Message ----- From: Martin Blackstone To: MS-Exchange Admin Issues Sent: Thursday, February 21, 2002 11:02 PM Subject: RE: Securing Exchange Server   So are you saying someone used you as a relay or hacked your box or what?   Are you behind a FW? What ports are open to the Exch server? -----Original Message----- From: Manish Govindji [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 21, 2002 11:41 AM To: MS-Exchange Admin Issues Subject: Securing Exchange Server Hello,   I have tried many times but failed to secure Our Exchange Server. We have a Exchnage server for only   Server has NT4, IIS4, DNS.   How Do I use TCP IP security tab to configure security so that all the unnecessary ports are closed, we only use exchnage for POP3 and SMTP.   The last time I tried I got Max user limit .... on SMTP List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm