
A handy list of common ports used by Exchange

You can reference this list to make appropriate firewall decisions in your organization.

Here's a quick list of the common ports used by Exchange and some of its related services. (Please note that I am assuming that you have a new Exchange Server 2003 installation; i.e., you did not upgrade from a previous version. If you did upgrade to 2003 from a previous version, services such as POP3 and IMAP4 may not be disabled.)

  • Information Store: TCP 135 inbound, TCP 6001 inbound when using RPC over HTTP.
  • Exchange System Attendant: TCP 135 inbound, TCP 6002-6004 inbound when using RPC over HTTP.
  • Exchange Routing Engine: TCP 691 inbound and outbound.
  • WWW Service (OWA): TCP 80 inbound, TCP 443 inbound when using SSL; TCP 80 outbound when HTTP is used for front-end to back-end server communication.
  • SMTP: TCP 25 inbound and outbound. Remember, even with POP3 clients, messages are still sent with SMTP.
  • POP3 (disabled by default): TCP 110 inbound; TCP 995 inbound when using SSL; TCP 110 outbound when POP3 is used for front-end to back-end server communication.
  • IMAP4 (disabled by default): TCP 143 inbound; TCP 993 inbound when using SSL; TCP 443 outbound when IMAP4 is used for front-end to back-end server communication.
  • NNTP (disabled by default): TCP 119 inbound; TCP 563 inbound when using SSL; TCP 119 outbound (TCP 563 outbound for SSL) is needed for servers that push news content to other servers.
  • ActiveSync: UDP 2883 outbound on the front-end server.
  • LDAP (Global Catalog): TCP 3268; used by Exchange to communicate with the domain's Global Catalog servers.
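
The inbound TCP entries from the list above can be turned into an allow list and compared with what a server is actually listening on, which catches the upgrade case where POP3 or IMAP4 is still running. This is an added example, not code from the article; the service keys, the option names `ssl` and `rpc_over_http`, and the observed port list are assumptions constructed for illustration, and it covers inbound TCP only.

```python
# Inbound TCP ports transcribed from the list above.
# Each entry: service -> [(port, condition)]; condition None means "always".
INBOUND_TCP = {
    "Information Store": [(135, None), (6001, "rpc_over_http")],
    "System Attendant": [(135, None), (6002, "rpc_over_http"),
                         (6003, "rpc_over_http"), (6004, "rpc_over_http")],
    "Routing Engine": [(691, None)],
    "OWA": [(80, None), (443, "ssl")],
    "SMTP": [(25, None)],
    "POP3": [(110, None), (995, "ssl")],
    "IMAP4": [(143, None), (993, "ssl")],
    "NNTP": [(119, None), (563, "ssl")],
}

# Assumption: a new Exchange Server 2003 install, where the article says
# POP3, IMAP4 and NNTP are disabled by default.
DEFAULT_ENABLED = {"Information Store", "System Attendant",
                   "Routing Engine", "OWA", "SMTP"}


def allowed_inbound(enabled, options=frozenset()):
    """Return {port: [services]} for the inbound TCP ports the enabled services need."""
    allowed = {}
    for service in enabled:
        for port, condition in INBOUND_TCP[service]:
            if condition is None or condition in options:
                allowed.setdefault(port, []).append(service)
    return allowed


def audit(listening, enabled=DEFAULT_ENABLED, options=frozenset()):
    """Compare observed listening TCP ports with what the enabled services justify."""
    allowed = allowed_inbound(enabled, options)
    unexpected = {}
    for port in sorted(set(listening) - set(allowed)):
        # Name the listed service(s) that would use this port, if any.
        owners = sorted(s for s, rules in INBOUND_TCP.items()
                        if any(p == port for p, _ in rules))
        unexpected[port] = owners or ["not in the article's list"]
    missing = sorted(set(allowed) - set(listening))
    return {"allow": sorted(allowed), "unexpected": unexpected, "missing": missing}


if __name__ == "__main__":
    # Constructed sample: ports seen listening on a server upgraded to 2003.
    observed = [25, 80, 110, 135, 143, 443, 691, 3389]
    for key, value in audit(observed, options={"ssl"}).items():
        print(key, value)
```

Ports reported under `unexpected` are candidates for disabling the service or blocking at the firewall; ports under `missing` point to a service that should be running but is not listening.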
2 comments
pirho

I can't believe that you guys forgot about LDAP, which runs on TCP 389. We use it for communication to the Global Address Book, for all our clients that still use POP3 on the outside. Also, a little trick that I picked up, for those who haven't gotten around to switching over to RPC over HTTP, is to use 446 for SMTP. With the ISPs blocking all traffic coming from SMTP except on their own network to prevent spam, we open up TCP 465 on our Exchange server to allow our staff to send mail from anywhere.

Scott Lowe

I listed the common ports, but not everything used by Exchange. That said, you're right - LDAP should be in this list. Scott
