Firewall Rules for Exchange Server

Written by Richard May
Exchange requires rules to be configured on the firewall for e-mail sent via the Internet.

Computer networks require firewalls to protect them from unauthorised access from hackers and to block the downloading of harmful computer programs. E-mail applications, such as Exchange Server, require firewalls to be configured to allow e-mail traffic to pass through them without compromising network security. Rules need to be applied to the firewall, so that legitimate connection requests do not get blocked.

POP3

Clients accessing mailboxes over the Internet may use the POP3 (Point of Presence 3) protocol to receive their mail messages. Exchange 2010 requires firewall ports 110 and 995 to be open to TCP (Transmission Control Protocol) traffic.

IMAP4

Similar to POP3, IMAP4 (Internet Mail Access Protocol 4) allows users to download mail messages via an Internet connection. IMAP4 supports more features than POP3, such as allowing messages to be stored in multiple folders. Firewall ports 143 and 993 need to allow TCP traffic to support IMAP4 connections.

Outlook Web App

Users working from home or from public networks, such as an Internet cafe, may use OWA (Outlook Web Application) to access their mail. TCP ports 5075, 5076 and 5077 need to be open on the firewall for Exchange to receive these connection requests.

Mailbox Replication

In large organisations, Exchange Server can be installed across several remote sites. To ensure consistency, mailboxes are replicated across these sites. Firewalls need to be configured to allow the replication service to transmit and receive mailbox data. Port 808 must be open to TCP traffic to allow replication to occur.

Exchange Services

Exchange 2010 uses several services to monitor Exchange Servers and to understand the architecture of the Active Directory. These services, MSExchangeADTopologyService.exe, Monitoring.exe and ServiceHost.exe, require firewall ports to allow RPC (Remote Procedure Call) traffic to pass through. The firewall needs to allow dynamic RPC traffic on ports above 1024; each port is assigned dynamically by Exchange when required.

Edge Transport Server

The Edge Transport Server handles all mail traffic between the Exchange Server and the Internet and is typically located on the perimeter of the network. Its purpose is to limit the potential attack opportunities for hackers targeting Internet mail as an access point. The EdgeSyncSvc.exe service requires dynamic RPC above port 1024 to be permitted on the firewall.
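The rules from the POP3, IMAP4, OWA, replication and RPC sections collected into one Windows Firewall script, as an added example that is not part of the article and not Microsoft's reference configuration. It assumes the NetSecurity cmdlets of Windows Server 2012 or later, that Exchange setup has set $env:ExchangeInstallPath, that the service file names quoted in the article match the files in the Bin folder, and it uses constructed placeholder subnets for the replication peers. The point it makes beyond the article is that the dynamic RPC requirement is met by binding a rule to the service executable with the firewall's RPC port keyword, rather than by opening every port above 1024 to everyone.

```powershell
# Added example (not from the article): Windows Firewall rules for the Exchange 2010
# ports described above, written for the NetSecurity cmdlets that ship with
# Windows Server 2012 and later. Run from an elevated PowerShell session.
#
# Assumptions, to verify before use:
#   - $env:ExchangeInstallPath is set by Exchange setup (it normally is).
#   - Service executable names are taken from the article; confirm the exact file
#     names in the Bin folder of your installation.
#   - $ReplicationPeers is a constructed placeholder for the subnets of the
#     remote sites that take part in mailbox replication.

$ReplicationPeers = @('10.10.0.0/16', '10.20.0.0/16')   # placeholder, replace with real site subnets
$bin = Join-Path $env:ExchangeInstallPath 'Bin'

# Creates one inbound allow rule, skipping it if a rule with that name already exists,
# so the script can be re-run safely. Extra New-NetFirewallRule parameters are passed through.
function Add-ExchangeRule {
    param(
        [Parameter(Mandatory)] [string]    $Name,
        [Parameter(Mandatory)] [hashtable] $RuleParams
    )
    if (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue) {
        Write-Host "exists:  $Name"
        return
    }
    New-NetFirewallRule -DisplayName $Name -Direction Inbound -Action Allow -Enabled True `
        -Profile Domain @RuleParams | Out-Null
    Write-Host "created: $Name"
}

# Client protocols: static TCP ports only, one rule per protocol.
Add-ExchangeRule 'Exchange POP3 (110, 995)'  @{ Protocol = 'TCP'; LocalPort = @('110', '995') }
Add-ExchangeRule 'Exchange IMAP4 (143, 993)' @{ Protocol = 'TCP'; LocalPort = @('143', '993') }
Add-ExchangeRule 'Exchange OWA (5075-5077)'  @{ Protocol = 'TCP'; LocalPort = '5075-5077' }

# Mailbox replication: port 808, but only from the peer sites, not from anywhere.
Add-ExchangeRule 'Exchange Mailbox Replication (808)' @{
    Protocol = 'TCP'; LocalPort = '808'; RemoteAddress = $ReplicationPeers
}

# Dynamic RPC. Rather than opening every port above 1024, tie each rule to the
# service executable and use the firewall's RPC keyword, which admits only the port
# that the RPC endpoint mapper has allocated to that process. The endpoint mapper
# itself (TCP 135, RPCEPMap keyword) must be reachable for that lookup to succeed;
# it is not listed in the article and is added here as a known RPC requirement.
Add-ExchangeRule 'Exchange RPC Endpoint Mapper' @{ Protocol = 'TCP'; LocalPort = 'RPCEPMap' }

$rpcServices = @('MSExchangeADTopologyService.exe', 'Monitoring.exe',
                 'ServiceHost.exe', 'EdgeSyncSvc.exe')   # names as given in the article
foreach ($exe in $rpcServices) {
    Add-ExchangeRule "Exchange Dynamic RPC - $exe" @{
        Protocol = 'TCP'; LocalPort = 'RPC'; Program = (Join-Path $bin $exe)
    }
}

# Review what was created: display names with their port filters, for comparison
# against the port list in the article.
Get-NetFirewallRule -DisplayName 'Exchange *' |
    ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        '{0,-45} {1} {2}' -f $_.DisplayName, $pf.Protocol, ($pf.LocalPort -join ',')
    }
```

Run it once per Exchange server from an elevated session; it is safe to re-run because existing rules are skipped by name. The Edge Transport Server only needs the EdgeSyncSvc.exe rule and the endpoint mapper rule from this set, so trim the list for that role rather than applying all rules on the perimeter host.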
