More on Securing Your Exchange Server Implementation

Well, I must begin by pointing out a couple mistakes in last week’s

column on the subject of securing your Exchange Server. Something I noticed immediately when I received last week’s column was the incorrect NNTP port. NTTP services are on port 119, and POP3 services are on port 110. Several readers also caught this mistake.

The next error is more subtle; I missed the error until reader David Sengupta kindly (and most graciously) pointed it out. The error involves the SMTP EXPN and VRFY commands. The Request for Comments (RFC) 821 provides for these commands but doesn't make them a requirement when implementing an SMTP service. I'm still researching the history and extent of Microsoft’s support of these SMTP commands in the Exchange Internet Mail Service (IMS). However, it's certain that Microsoft chose not to support the EXPN command because of the security risks. (See Microsoft Support Online article Q175842. IMS supports the VRFY command with the addition of a Registry DWORD key: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesMSExchangeIMCParametersEnableVRFY set to 1. However, this detail is fairly obscure and you won't find it in most Exchange Server implementations. Therefore, the security risks are minimal. Exchange Server and other software products are vulnerable simply because of how TCP and UDP work. Servers must listen on certain ports to provide services to clients when they request them. However, most Exchange environments are inherently secure because of the infrastructure already in place. I trust that last week’s column caused you only to think and didn't create unnecessary alarm. I've listed some of the most common TCP ports for Exchange Server below. For a complete discussion, see Microsoft Support Online article Q176466.

  - RPC: 135 & 137

  - POP3: 110

  - IMAP: 143 (Secure IMAP: 993)

  - SMTP: 25

  - LDAP: 389 (Secure LDAP: 636)

  - NNTP: 119

I'd like to close this week’s column with heartfelt thanks from all of us at Exchange Server UPDATE. Since our first edition last March, this email newsletter has enjoyed tremendous success, with the newsletter reaching more than 50,000 subscribers each week. It's been a pleasure and privilege for me to have your ear from week to week as we discuss important topics for Microsoft Exchange Server for us as consultants, administrators, and implementers. We thank you for your readership and great feedback and response in 1999. As we look forward to the year 2000 with Windows 2000 (Win2K) and Exchange 2000 ahead of us, I wish you and yours the richest of blessings and cheer this holiday season.