
Exchange Server Forums


RPC port 135 and Kerio Firewall

RPC port 135 and Kerio Firewall - 24.Jun.2003 2:36:00 PM   
craig wight

 

Posts: 16
Joined: 3.Jun.2003
From: UK
Status: offline
I have Kerio firewall and wish to close port 135 (RPC) - however, once a Kerio rule is created to hide 135 from the outside world, all my Outlook clients cannot connect to Exchange 2000 Server - anyone got this to work properly?

Thanks in advance!
Post #: 1
RE: RPC port 135 and Kerio Firewall - 24.Jun.2003 8:37:00 PM   
Exchange_Admin

 

Posts: 376
Joined: 23.Feb.2003
From: Texas
Status: offline
Port 135 MUST be open.
Outlook uses this port to connect to the Exchange server's RPC Endpoint Mapper.

(in reply to craig wight)
Post #: 2
RE: RPC port 135 and Kerio Firewall - 25.Jun.2003 1:20:00 PM   
craig wight

 

Posts: 16
Joined: 3.Jun.2003
From: UK
Status: offline
Hi,

Thanks for the reply!

I have heard that having port 135 open is dangerous security-wise - is this true?

Is it a dangerous port?

Thanks again

Regards,
Cvv.

(in reply to craig wight)
Post #: 3
RE: RPC port 135 and Kerio Firewall - 27.Jun.2003 11:10:00 PM   
atguilmette

 

Posts: 403
Joined: 4.Mar.2003
From: Southfield, MI
Status: offline
Port 135 is a NetBIOS port. It's used by a lot of backdoor/trojan programs to exploit Windows networks. The Exchange whitepaper "Microsoft Exchange 2000 Server Front-End and Back-End Topology" lists all of the ports necessary for communicating via the internet. In order to have working MAPI access to Exchange, you need to have a boatload of ports open (135-139 for NetBIOS, 445 for auth, 389 and 3268 for LDAP, and then usually everything above 1024 for random TCP/RPC connectivity, though you can map all of that to a specific port).

While allowing MAPI access to Exchange is a great feature, it's inherently insecure and can be extremely slow. For users that want to access their mail both remotely and when connected to the intranet/LAN, your best, most secure options would be to use Outlook Web Access over SSL (https) or IMAP4 over SSL.

OWA just goes through a web browser, and only requires ports 443 and 25 open on the external firewall.

IMAP4 over SSL would provide the most LAN-like experience (allowing remote users to use Outlook or another IMAP4 client), while keeping mail on the server. IMAP4 over SSL would require ports 993 and 25 open.

POP3 over SSL is another secure choice (and is the fastest), but I would recommend against it for most users because POP clients (unless configured otherwise) download and remove mail off the server. In my experience, users that are both remote and intranet/LAN users get confused that not all of the messages show up in both places (remote POP3 client and Outlook on the LAN). POP3 over SSL would require ports 995 and 25 open.

Anyway, that's my two cents. :-)

[ June 27, 2003, 11:11 PM: Message edited by: atguilmette ]

(in reply to craig wight)
Post #: 4
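
One way to check an external rule set against the port lists given in post #4, as an added example that is not part of the original thread. The rule format (`action proto port[-port]`), the profile names and the sample rules are constructed for illustration and are not Kerio syntax; the script reports allow rules that open TCP ports beyond the chosen access method.

```python
# Added example; rule syntax and SAMPLE_RULES are constructed, not Kerio syntax.
PROFILES = {  # inclusive TCP port ranges, as named in post #4
    "mapi": [(135, 139), (445, 445), (389, 389), (3268, 3268), (1025, 65535)],
    "owa-ssl": [(443, 443), (25, 25)],
    "imap4-ssl": [(993, 993), (25, 25)],
    "pop3-ssl": [(995, 995), (25, 25)],
}
SAMPLE_RULES = """
allow tcp 25
allow tcp 443
allow tcp 135-139
allow tcp 445
deny tcp 3268
allow tcp 1025-65535
"""

def parse_rule(line):
    """Parse 'action proto port[-port]' into (action, proto, (lo, hi))."""
    action, proto, ports = line.split()
    lo, _, hi = ports.partition("-")
    return action.lower(), proto.lower(), (int(lo), int(hi or lo))

def subtract(span, allowed):
    """Return the sub-ranges of span that no allowed range covers."""
    lo, hi = span
    excess = []
    for a_lo, a_hi in sorted(allowed):
        if a_hi < lo or a_lo > hi:
            continue  # this allowed range does not touch what is left of span
        if a_lo > lo:
            excess.append((lo, a_lo - 1))  # gap before the allowed range
        lo = max(lo, a_hi + 1)
    if lo <= hi:
        excess.append((lo, hi))  # tail after the last allowed range
    return excess

def audit(rules_text, profile):
    """List (rule, excess_ranges) for TCP allow rules wider than the profile."""
    findings = []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        action, proto, span = parse_rule(line)
        excess = subtract(span, PROFILES[profile])
        if action == "allow" and proto == "tcp" and excess:
            findings.append((line, excess))
    return findings

print(audit(SAMPLE_RULES, "owa-ssl"))
```
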
