Dear All,
first of a big thank you to the Scalix Team for providing such a fine piece of software.
Alas, the documentation (all of which I have consulted and searched etc..) has one shortcoming: There is nothing on minimisation, that is to say, information on whether ports can be closed if certain service types are not used.
The recommended ports from the Scalix Installation Guide are:
25/TCP, 80/TCP, 110/TCP, 143/TCP, 389/TCP (I know this can conflict and should be moved to another port), 5729/TCP and 5757/UDP.
The thing is that in our internal network here we use SWA and the Outlook Connector only.
So my first question is whether I can close ports 110/TCP and 143/TCP on the server or will that affect Scalix operations (none of our clients use POP3 or IMAP access)?
My second question is: What port(s) does the Outlook Connector use to communicate with the server?
Thirdly: Outside of our network (that is from the internet) we only use SWA. Is it sufficient to have ports 25/TCP (so that sendmail can communicate with other mailservers) and 80/TCP (to serve the SWA) open to the outside world or does SWA require additional ports open? (To clarify: I'm not asking whether SWA needs port 25. I know that sendmail needs that, so that the mailserver can work at all.)
I have wondered about ports 5729/TCP and 5757/TCP, and from my digging I've found that the Outlook connector seems to use 5729 (is this correct?). But what is 5757 used for? Is this used locally on the server only or do clients need to be able to reach the server on this port, too?
I would be very grateful if someone can shed light on this, as I don't like having so many ports open and especially to the outside world, I want the bare minimum, which in my opinion would be 25/TCP and 80/TCP, so that sendmail and SWA work.
Thanks in advance for any comments!
[HELP] Firewall ports, server ports - how to minimise...
Moderators: ScalixSupport, admin
-
hakimoto
- Posts: 17
- Joined: Tue Oct 21, 2008 2:22 am
- Location: Kabul, Afghanistan, Asia
- Contact:
-
Valerion
- Scalix Star
- Posts: 2730
- Joined: Thu Feb 26, 2004 7:40 am
- Location: Johannesburg, South Africa
- Contact:
If you use SWA, you will need port 80/TCP and/or 443/TCP, the standard HTTP/HTTPS ports.
If you use Outlook you will need 5729/TCP and/or 5767/TCP, the unencrypted and encrypted ports, respectively. If you run multiple servers you will also need 5757/UDP.
110/TCP and 143/TCP is only used if you need to accept connections from standalone IMAP/POP3 clients like Outlook Express or Thunderbird. Then you will also need 389/TCP for the LDAP lookups to display an address book.
25/TCP is used for incoming email from the Internet, as well as from POP3/IMAP clients.
If you use Outlook you will need 5729/TCP and/or 5767/TCP, the unencrypted and encrypted ports, respectively. If you run multiple servers you will also need 5757/UDP.
110/TCP and 143/TCP is only used if you need to accept connections from standalone IMAP/POP3 clients like Outlook Express or Thunderbird. Then you will also need 389/TCP for the LDAP lookups to display an address book.
25/TCP is used for incoming email from the Internet, as well as from POP3/IMAP clients.
Who is online
Users browsing this forum: No registered users and 5 guests