Prolateral Consulting Ltd
Prolateral Consulting Ltd
Support
Support
Knowledgebase Articles
Help
Setup examples
Support

Prolateral offers primary and backup domain (DNS) services, with servers in key geographic locations providing the best service possible.

What ports does MS Exchange use?

Problem

What ports does MS Exchange use?
Which TCP/UDP ports are used by Microsoft Exchange?

Solution

This knowledgebase articles details the TCP and UDP ports used by MS Exchange 2003, 2007, 2010, 2013, 2016 and 2019.

Microsoft Exchange is a Windows Server based Mail Server and Calendar Server. Full feature access to MS Exchange can be achieved either by the Email Client (Microsoft Outlook) or WebMail (Exchange WebAccess). Exchange also supports IMAP and POP email client access. Below is a list of all the ports that MS Exchange uses and why. This information is useful when trying to setup firewall rules for the border exchange services (Transport Hub & Services).

Scientist on left saying, "Looking for a list of ports for Microsoft Exchange"
ProtocolPacket TypePortDescription
LDAP TCP 389 Lightweight Directory Access Protocol (LDAP), used by Active Directory, Active Directory Connector, and the Microsoft Exchange Server 5.5 directory.
  TCP 379 The Site Replication Service (SRS) uses TCP port 379.
  TCP 390 While not a standard LDAP port, TCP port 390 is the recommended alternate port to configure the Exchange Server 5.5 LDAP protocol when Exchange Server 5.5 is running on a Microsoft Windows Active Directory domain controller.
  TCP 3268 Global catalog. The Windows Active Directory global catalog (which is really a domain controller "role") listens on TCP port 3268. When you are troubleshooting issues that may be related to a global catalog, connect to port 3268 in LDP.
LDAP/SSL TCP 636 LDAP over Secure Sockets Layer (SSL). When SSL is enabled, LDAP data that is transmitted and received is encrypted.
  TCP 3269 Global catalog over SSL. Applications that connect to TCP port 3269 of a global catalog server can transmit and receive SSL encrypted data. To configure a global catalog to support SSL, you must install a Computer certificate on the global catalog.
IMAP TCP 143 Internet Message Access Protocol (IMAP), may be used by "standards-based" clients such as Microsoft Outlook Express, Live Mail, Mobile Devices to access the e-mail server. On early versions of Exchange IMAP4 ran on top of the Microsoft Internet Information Service (IIS) Admin Service and enables client access to the Exchange Information Store. On more recent versions of Exchange IMAP4 runs as two services (Microsoft Exchange IMAP and Microsoft Exchange IMAP Backend).
IMAP/SSL TCP 993 IMAP4 over SSL uses TCP port 993. Before an Exchange server supports IMAP4 (or any other protocol) over SSL, you must install a trusted SSL certificate on the Exchange server. This can be a self-signed certificate or a purchased signed certificate
POP3 TCP 110 Post Office Protocol (POP3), enables "standards-based" clients such as Outlook Express, Windows Mail, Live Mail and other POP3 enabled mail clients to access the e-mail server. As with IMAP4, in early versions of Exchange POP3 ran on top of the IIS Admin Service, and enables client access to the Exchange Information store. On more recent versions of Exchange POP3 runs as two services (Microsoft Exchange POP3 and Microsoft Exchange POP3 Backend).
POP3/SSL TCP 995 POP3 over SSL uses TCP port 995.
NNTP Pointing Finger with speech saying, "Need a Send Connector for Exchange, Keep scrolling down" TCP 119 Network News Transport Protocol (NNTP), sometimes called Usenet protocol, enables client access to public folders in the Information store. As with IMAP4 and POP3, NNTP runs on top of the IIS Admin Service.
NNTP/SSL TCP 563 NNTPS over SSL uses TCP port 563.
HTTP TCP 80

Hyper-Text Transfer Protocol is the protocol used by IIS but Exchange Server adds a back end to IIS for mostly servicing requests under HTTPS.  However the below requests are handled by HTTP :

  • AutoDiscover.  This is fallback when HTTPS isn't available
  • Outlook WebAccess (OWA).  Usually a redirect to HTTPS OWA
  • Unencrypted connections if Exchange has been configured to do so.
HTTP/SSL TCP 443

HTTPS over SSL.  Technically the HTTPS port is part of IIS but Microsoft Exchange adds an addition site to IIS called "Exchange Back End".  This site will service the following Exchange Requests:

  • Autodiscover service
  • Exchange ActiveSync
  • Exchange Web Services (EWS)
  • Offline address book (OAB) distribution
  • Outlook Anywhere (RPC over HTTP)
  • Outlook MAPI over HTTP
  • Outlook WebAccess (OWA) aka Webmail
SMTP TCP 25 Simple Mail Transfer Protocol (SMTP) is the foundation for all e-mail transport in Exchange. The SMTP Service (SMTPSvc) runs on top of the IIS Admin Service. Unlike IMAP4, POP3, NNTP, and HTTP, SMTP in Exchange does not use a separate port for secure communication (SSL), but uses a security sub-system called Transport Layer Security (TLS). Send Connectors and Receive Connectors can be configured for incoming mail and outgoing SMTP emails. Services like outMail are useful services to relay outbound SMTP messages.
SMTP/SSL TCP 465 SMTP over SSL. TCP port 465 is reserved by common industry practice for secure SMTP communication using the SSL protocol. However SMTP typically still uses port 25 and use TLS for its security layer. Send Connectors and Receive Connectors can be configured for incoming and outgoing SMTP emails.
SMTP/LSA TCP 691 The Microsoft Exchange Routing Engine (RESvc) listens for routing link state information on TCP port 691. Exchange uses routing link state information to route messages and the routing table is constantly updated.
X.400 TCP 102 TCP port 102 is the port that the Exchange message transfer agent (MTA) uses to communicate with other X.400-capable MTAs.
MS-RPC TCP 135 Microsoft Remote Procedure Call is a Microsoft implementation of remote procedure calls (RPCs). TCP port 135 is actually only the RPC Locator Service, which is like the registrar for all RPC-enabled services that run on a particular server. In Exchange 2000, the Routing Group Connector uses RPC instead of SMTP when the target bridgehead server is running Exchange 5.5. Also, some administrative operations require RPC. To configure a firewall to enable RPC traffic, many more ports than just 135 must be enabled.
ULS TCP 522 User Locator Service (ULS) is a type of Internet directory service for conferencing clients, such as NetMeeting. Exchange 2000 Server and Exchange 2000 Conferencing Server do not implement a ULS, but rather take advantage of Active Directory for directory services (by TCP port 389).
DNS UDP/TCP 53 Domain Name System (DNS) is at the heart of all of the services and functions of Windows Active Directory and Exchange Server.
Looking for a send connector for MS Exchange?

outMail is an outbound SMTP send connector you can rely on, with great customer satisfaction.

  • Microsoft Exchange, all versions - up to and including 2019
  • Authenticated SMTP
  • Support for SPF & DKIM
  • Easy setup

What are you waiting for? Give it a try today.

Go on, You know you want to...

Looking for the IP Addresses...

Above in this article is a full list of the ports used by MS Exchange but if you're looking for the IP Addresses used by the services below then please see the relevant article.

Related Articles

like it, love it, then share it. Share this article on social media.

Did you enjoy this article?

Disclaimer

The Origin of this information may be internal or external to Prolateral Consulting Ltd. Prolateral makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Prolateral makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.