Topic: Default open firewall ports

[guest22]

Hi all,

I've searched and looked, but cant seem to find it. Is there listing of all 'open' firewall ports available? (wiki, forums?) I've got a situation where there is another firewall in fron of SME Server and I have to indicate which ports have to be opened on this very strict firewall for normal SME gateway mode.

Thanks in advance and sorry if I missed this listing/command somewhere.
guest

[jahlewis]

An external nmap scan of my SME 7.2 server with everything enabled is (222 is my ssh port):

PORT     STATE  SERVICE
22/tcp   closed ssh
25/tcp   open   smtp
80/tcp   open   http
113/tcp  open   auth
222/tcp  open   rsh-spx
443/tcp  open   https
465/tcp  open   smtps
993/tcp  open   imaps
995/tcp  open   pop3s
1723/tcp open   pptp

[guest22]

Thanks, that helped.

guest

[jfarschman]

Hey,

  Is slapd not also open.  I just setup a firewall appliance to authenticate with the SME via LDAP and it appeared to work.

Code: [Select]

tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN      3875/slapd

[jahlewis]

These ports are on the external/public interface.  Do you want a list of the open ports on the inside/private interface?

[jfarschman]

My bad 

[CharlieBrady]

Is slapd not also open.

Not on the public interface, unless you have configured it so - which I wouldn't recommend.

I just setup a firewall appliance to authenticate with the SME via LDAP and it appeared to work.

Very unlikely, since SME's LDAP contains no authentication information.

[jfarschman]

Charlie,

  I do have this working. I can see it in the logfiles.  We have a system setup like this:

SME----Barracuda-----Internet

 1. Email comes in through the Barracuda Spamwall and is queued
 2. Barracuda queries the SME (either LDAP or SMTP for a 550 message) before screening for spam
 3. Appropriate email is forwarded to SME. Spam is quarantined or rejected outright.

Edb is working it too:
http://forums.contribs.org/index.php?topic=37844.0

[CharlieBrady]

2. Barracuda queries the SME (either LDAP or SMTP for a 550 message) before screening for spam

It's querying usernames, not authenticating. It cannot authenticate users - trust me.