Q: Firewall - which ports open for mailserver ?
Hi,

I would like to know which ports have to be open in the firewall for a SuSE-IMAP2 server (mail/http/pop/imap-server).

#ssh only for some ip's
(ssh        22/tcp           # SSH Remote Login Protocol)
# for all ip's
smtp        25/tcp   mail    # Simple Mail Transfer
http        80/tcp           # World Wide Web HTTP
pop2        109/tcp          # Post Office Protocol - Version 2
pop3        110/tcp          # Post Office Protocol - Version 3
imap        143/tcp  imap2   # Internet Message Access Protocol
imap3       220/tcp          # Interactive Mail Access Protocol v3
https       443/tcp          # http protocol over TLS/SSL
imap4-ssl   585/tcp          # IMAP4+SSL (use 993 instead)
sshell      614/tcp          # SSLshell
imaps       993/tcp          # imap4 protocol over TLS/SSL
pop3s       995/tcp  spop3   # pop3 protocol over TLS/SSL

More ports? Or can I close some of those ports?

Bye, Peer

_________________________________________________________
Max-Planck-Institut fuer Biogeochemie
Dr. Peer-Joachim Koch
Carl-Zeiss-Promenade 10
Telefon: ++49 3641 6437-52
D-07745 Jena
Telefax: ++49 3641 6437-10

Peer-Joachim Koch wrote:
> #ssh only for some ip's
> (ssh        22/tcp           # SSH Remote Login Protocol)
> # for all ip's
> smtp        25/tcp   mail    # Simple Mail Transfer
> http        80/tcp           # World Wide Web HTTP

I'd probably close this, if your only use for http is webmail.

> pop2        109/tcp          # Post Office Protocol - Version 2

You definitely don't need this one :)

> pop3        110/tcp          # Post Office Protocol - Version 3
> imap        143/tcp  imap2   # Internet Message Access Protocol
> imap3       220/tcp          # Interactive Mail Access Protocol v3

And you won't need this one either.

> https       443/tcp          # http protocol over TLS/SSL
> imap4-ssl   585/tcp          # IMAP4+SSL (use 993 instead)

Well, it says that you don't need this port, as imaps now listens on port 993.

> sshell      614/tcp          # SSLshell

You're using SSLshell? Or which process is listening on this port?

> imaps       993/tcp          # imap4 protocol over TLS/SSL
> pop3s       995/tcp  spop3   # pop3 protocol over TLS/SSL

If you know in advance which clients are going to be used - or better, if you can decide which clients are to be used - I'd go for closing down all cleartext protocols on your server, so that only smtp, imaps, pop3s and https are open to the public. Alas, some mail readers are still broken and do not support imaps and/or pop3s, so you might have to leave pop3 and imap open as well.

Just my 2 cents,
Ralph
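
The exposure Ralph suggests (smtp, imaps, pop3s and https public, ssh from selected addresses only, pop3/imap only if old mail readers force it), as an added example that is not part of the original thread: a shell function that emits a default-drop ruleset in iptables-restore format. The admin networks are constructed placeholders, port 80 is assumed closed (http used only for webmail), and the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Emits a ruleset in iptables-restore
# format; review the output before loading it with iptables-restore.
# Assumptions: ADMIN_NETS holds constructed placeholder networks (RFC 5737),
# and http is only used for webmail, so port 80 stays closed.
ADMIN_NETS="192.0.2.10/32 192.0.2.32/28"   # may reach ssh (22/tcp)
PUBLIC_TCP="25 443 993 995"                # smtp, https, imaps, pop3s
LEGACY_TCP="110 143"                       # cleartext pop3, imap

# mail_fw_rules [legacy]
#   "legacy" additionally opens pop3/imap for mail readers without TLS support.
#   Everything else (pop2 109, imap3 220, imap4-ssl 585, sshell 614) is
#   dropped by the INPUT policy.
mail_fw_rules() {
    ports="$PUBLIC_TCP"
    if [ "${1:-}" = "legacy" ]; then
        ports="$ports $LEGACY_TCP"
    fi
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for net in $ADMIN_NETS; do
        echo "-A INPUT -p tcp -s $net --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $ports; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# port_is_public PORT [legacy]: exit status 0 if PORT is open to all addresses.
port_is_public() {
    mail_fw_rules "${2:-}" | grep -- "^-A INPUT -p tcp --dport $1 " >/dev/null
}

# Print the strict ruleset when run as a script (pass "legacy" to widen it).
mail_fw_rules "${1:-}"
```

Comparing the generated list with what is actually listening on the server (the open question about 614/tcp above) shows whether any service is still bound to a port the policy drops.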