SMTP, or not SMTP?

My question is: Is SMTP the only protocol / port required for basic email connectivity through a firewall?
Here’s the scenario. We have a simple Exchange 2000 implementation: one server, one network, and one firewall separating us from the outside. We only have a need to send and receive email with the outside. I have a dispute with a fellow admin (who also happens to be the boss and has final say – hence the need for an authoritative answer) who believes ports 135-139, 445 and 61007 need to be open at the firewall for Exchange to send/receive correctly. I insist they need to be closed, as they are unnecessary and for security concerns. Thank you for any help you can provide.


Good news: you’re right. Bad news: you have to diplomatically tell your boss that he is, er, misinformed. For basic in-and-out email, all you need is port 25, period. That’s the registered IANA port for SMTP. Ports 135, 137, and 139 are used by various Windows RPC services, so you’d only open them if a) you were crazy or b) you wanted to start attracting hack attempts within minutes. Port 445 is only used by SMB file sharing traffic, which you don’t have.
So, bottom line: close everything on the firewall except port 25, and you’ll be in good shape. (Of course, if you want OWA access, you’ll need some additional open ports; see Chapter 14 of the book for details.)
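
One way to check a rule set against this advice, as an added example that is not part of the original post. The rule format is a constructed, vendor-neutral one (not any real firewall's syntax), and `parse_rules`, `exposed` and `audit` are hypothetical helper names.

```python
# Added example. Constructed rule format, one inbound rule per line:
#   <permit|deny> <tcp|udp> <port | low-high | any>
# Rules are evaluated first-match, with an implicit default deny.

ALLOWED = {("tcp", 25)}  # the only inbound service the answer calls for: SMTP

def parse_rules(text):
    """Turn the constructed rule text into (action, proto, low, high) tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()
        if not line:
            continue
        action, proto, ports = line.split()
        if action not in ("permit", "deny") or proto not in ("tcp", "udp"):
            raise ValueError(f"bad rule: {raw!r}")
        if ports == "any":
            low, high = 0, 65535
        else:
            lo, _, hi = ports.partition("-")
            low, high = int(lo), int(hi or lo)
        if not 0 <= low <= high <= 65535:
            raise ValueError(f"bad port range: {raw!r}")
        rules.append((action, proto, low, high))
    return rules

def exposed(rules):
    """Return every (proto, port) pair the rule set actually lets in."""
    open_ports = set()
    for proto in ("tcp", "udp"):
        for port in range(65536):
            for action, r_proto, low, high in rules:
                if r_proto == proto and low <= port <= high:
                    if action == "permit":
                        open_ports.add((proto, port))
                    break  # first match wins
    return open_ports

def audit(text):
    """Return (unexpectedly open, expected but blocked), both sorted."""
    open_ports = exposed(parse_rules(text))
    return sorted(open_ports - ALLOWED), sorted(ALLOWED - open_ports)

# Constructed samples: the rule set under dispute, and the locked-down one.
DISPUTED = "permit tcp 25\npermit tcp 135-139\npermit tcp 445\npermit tcp 61007\ndeny tcp any"
LOCKED_DOWN = "permit tcp 25\ndeny tcp any\ndeny udp any"

if __name__ == "__main__":
    for name, text in (("disputed", DISPUTED), ("locked down", LOCKED_DOWN)):
        print(name, audit(text))
```

Because evaluation is first-match, a `deny` placed above a broader `permit` is honoured, so the report reflects what the rule set lets through rather than which lines merely mention a port.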
