How to Open Port

Tutorials Win: Microsoft Windows Forum

I need to open port 995 (SSL) to get pop3 mail from an external mail server.
I have SBS 2003 standard edition. I have open an exception in the Windows Xp
client firewall for port 995. I added a port/service in the basic firewall on
the server but don't know if I conifgured it right eg; in port, ip address,
out port....I appreciate your help.
Top

Re: How to Open Port by Lanwench

Lanwench
Thu Mar 27 20:31:32 PDT 2008

MikeG <MikeG@discussions.microsoft.com> wrote:
> I need to open port 995 (SSL) to get pop3 mail from an external mail
> server. I have SBS 2003 standard edition. I have open an exception in
> the Windows Xp client firewall for port 995. I added a port/service
> in the basic firewall on the server but don't know if I conifgured it
> right eg; in port, ip address, out port....I appreciate your help.

If you aren't using ISA, this is something you do in your firewall
appliance. The Windows firewall doesn't block outbound ports. And unless
you're blocking outbound ports in your firewall appliance (which most small
offices don't, at least not from the server) you should be able to POP your
mail now, as is.

My question is, why would you be using your SBS server as a POP client for
an externally hosted server? This is not a good thing....


Top

Re: How to Open Port by MikeG

MikeG
Fri Mar 28 07:25:04 PDT 2008

Thanks for your response, good question, I have 2 domain names for email. My
primary domain uses SBS Exhange Server Mail. It works great. My secondary
domain does not.

I have one client on my SBS network that needs to get through my firewalls
to download email from a external webhost mail server using a secured
connection (incoming port 995 SSL and ougoing port 465). I can send mail and
I can download using Port 110 but not using port 995.

My webhost gave me the configuration for my oulook client but I'm wondering
if this may be a certificate issue and not a firewall issue? I get an error
message that says the connection has been interrupted when I try to get my
emails using the 995 SSL port, contact etc etc

"Lanwench [MVP - Exchange]" wrote:

> MikeG <MikeG@discussions.microsoft.com> wrote:
> > I need to open port 995 (SSL) to get pop3 mail from an external mail
> > server. I have SBS 2003 standard edition. I have open an exception in
> > the Windows Xp client firewall for port 995. I added a port/service
> > in the basic firewall on the server but don't know if I conifgured it
> > right eg; in port, ip address, out port....I appreciate your help.
>
> If you aren't using ISA, this is something you do in your firewall
> appliance. The Windows firewall doesn't block outbound ports. And unless
> you're blocking outbound ports in your firewall appliance (which most small
> offices don't, at least not from the server) you should be able to POP your
> mail now, as is.
>
> My question is, why would you be using your SBS server as a POP client for
> an externally hosted server? This is not a good thing....
>
>
>
Top

Re: How to Open Port by Lanwench

Lanwench
Fri Mar 28 08:33:03 PDT 2008

MikeG <MikeG@discussions.microsoft.com> wrote:
> Thanks for your response, good question, I have 2 domain names for
> email. My primary domain uses SBS Exhange Server Mail. It works
> great. My secondary domain does not.

Well, you can certainly fix that easily enough. Don't use POP. POP
connectors are a great big kluge, to quote one of our more colorful Exchange
MVPs.

http://www.msexchange.org/tutorials/MF010.html
>
> I have one client on my SBS network that needs to get through my
> firewalls to download email from a external webhost mail server using
> a secured connection (incoming port 995 SSL and ougoing port 465). I
> can send mail and I can download using Port 110 but not using port
> 995.
>
> My webhost gave me the configuration for my oulook client but I'm
> wondering if this may be a certificate issue and not a firewall
> issue? I get an error message that says the connection has been
> interrupted when I try to get my emails using the 995 SSL port,
> contact etc etc

If you're using the SBS POP connector, I can't help you, sorry.
>
> "Lanwench [MVP - Exchange]" wrote:
>
>> MikeG <MikeG@discussions.microsoft.com> wrote:
>>> I need to open port 995 (SSL) to get pop3 mail from an external mail
>>> server. I have SBS 2003 standard edition. I have open an exception
>>> in the Windows Xp client firewall for port 995. I added a
>>> port/service in the basic firewall on the server but don't know if
>>> I conifgured it right eg; in port, ip address, out port....I
>>> appreciate your help.
>>
>> If you aren't using ISA, this is something you do in your firewall
>> appliance. The Windows firewall doesn't block outbound ports. And
>> unless you're blocking outbound ports in your firewall appliance
>> (which most small offices don't, at least not from the server) you
>> should be able to POP your mail now, as is.
>>
>> My question is, why would you be using your SBS server as a POP
>> client for an externally hosted server? This is not a good thing....



Top

Re: How to Open Port by MikeG

MikeG
Fri Mar 28 10:50:01 PDT 2008

I don't use the SBS POP Connector and probably never will...I don't want the
email for my secondary domain mixed in with my SBS Exchange Server mail. I
may be in the wrong forum for this question?....sorry for the confusion.


"Lanwench [MVP - Exchange]" wrote:

> MikeG <MikeG@discussions.microsoft.com> wrote:
> > Thanks for your response, good question, I have 2 domain names for
> > email. My primary domain uses SBS Exhange Server Mail. It works
> > great. My secondary domain does not.
>
> Well, you can certainly fix that easily enough. Don't use POP. POP
> connectors are a great big kluge, to quote one of our more colorful Exchange
> MVPs.
>
> http://www.msexchange.org/tutorials/MF010.html
> >
> > I have one client on my SBS network that needs to get through my
> > firewalls to download email from a external webhost mail server using
> > a secured connection (incoming port 995 SSL and ougoing port 465). I
> > can send mail and I can download using Port 110 but not using port
> > 995.
> >
> > My webhost gave me the configuration for my oulook client but I'm
> > wondering if this may be a certificate issue and not a firewall
> > issue? I get an error message that says the connection has been
> > interrupted when I try to get my emails using the 995 SSL port,
> > contact etc etc
>
> If you're using the SBS POP connector, I can't help you, sorry.
> >
> > "Lanwench [MVP - Exchange]" wrote:
> >
> >> MikeG <MikeG@discussions.microsoft.com> wrote:
> >>> I need to open port 995 (SSL) to get pop3 mail from an external mail
> >>> server. I have SBS 2003 standard edition. I have open an exception
> >>> in the Windows Xp client firewall for port 995. I added a
> >>> port/service in the basic firewall on the server but don't know if
> >>> I conifgured it right eg; in port, ip address, out port....I
> >>> appreciate your help.
> >>
> >> If you aren't using ISA, this is something you do in your firewall
> >> appliance. The Windows firewall doesn't block outbound ports. And
> >> unless you're blocking outbound ports in your firewall appliance
> >> (which most small offices don't, at least not from the server) you
> >> should be able to POP your mail now, as is.
> >>
> >> My question is, why would you be using your SBS server as a POP
> >> client for an externally hosted server? This is not a good thing....
>
>
>
>
Top

Re: How to Open Port by Joe

Joe
Fri Mar 28 12:31:07 PDT 2008

MikeG wrote:
> I don't use the SBS POP Connector and probably never will...I don't want the
> email for my secondary domain mixed in with my SBS Exchange Server mail. I
> may be in the wrong forum for this question?....sorry for the confusion.
>
>
The confusion is probably over exactly what you need. POP3 is a
collection, or 'pull', protocol, and the initial connection to port 995
is outbound. Replies do not come to a port 995 within your network.
Apart from ISA, most firewalls do not need any configuration to initiate
connections from inside, nor for the replies to those connections. For a
one-NIC SBS, or a two-NIC SBS that does not run ISA, there will be no
configuration at all necessary.

The standard XP firewall works like most, and does not restrict outgoing
connections or replies to them. You imply you have a two-NIC SBS,
Standard, without ISA.

Presumably you can collect email for this account from other locations.
Is it possible to temporarily connect a PC to the router, to see if
things work from there? This will narrow down the problem into either
SBS-related or client/router/ISP-related. If this is not practical, then
using Network Monitor (not installed by default, it is a Windows
Component) you should be able to see if requests pass out through the
SBS and whether any replies are received. Ideally, if your router can
log traffic, this could show much the same thing, but more easily.
Top

Re: How to Open Port by MikeG

MikeG
Fri Mar 28 20:56:00 PDT 2008

Very Helpful...see comments below

"Joe" wrote:

> MikeG wrote:
> > I don't use the SBS POP Connector and probably never will...I don't want the
> > email for my secondary domain mixed in with my SBS Exchange Server mail. I
> > may be in the wrong forum for this question?....sorry for the confusion.
> >
> >
> The confusion is probably over exactly what you need. POP3 is a
> collection, or 'pull', protocol, and the initial connection to port 995
> is outbound. Replies do not come to a port 995 within your network.
> Apart from ISA, most firewalls do not need any configuration to initiate
> connections from inside, nor for the replies to those connections. For a
> one-NIC SBS, or a two-NIC SBS that does not run ISA, there will be no
> configuration at all necessary.

----Thanks for explaining this...my ignorance about how POP3 works (port
995) led to the confusing questions in my previous posts.

The standard XP firewall works like most, and does not restrict outgoing
> connections or replies to them. You imply you have a two-NIC SBS,
> Standard, without ISA.

----Yes, I have two Nics.
>
> Presumably you can collect email for this account from other locations.

----Yes, I can collect email from other locations using port 995.

> Is it possible to temporarily connect a PC to the router, to see if
> things work from there? This will narrow down the problem into either
> SBS-related or client/router/ISP-related.

----Yes, I did this from a laptop that was not connected to SBS network but
was connected to my switch which connects to my Router. I was able to get
email.

If this is not practical, then
> using Network Monitor (not installed by default, it is a Windows
> Component) you should be able to see if requests pass out through the
> SBS and whether any replies are received. Ideally, if your router can
> log traffic, this could show much the same thing, but more easily.

-----It appears that something in windows SBS network is breaking the
connection???
Top

Re: How to Open Port by Lanwench

Lanwench
Mon Mar 31 07:43:55 PDT 2008

MikeG <MikeG@discussions.microsoft.com> wrote:
> I don't use the SBS POP Connector and probably never will...I don't
> want the email for my secondary domain mixed in with my SBS Exchange
> Server mail. I may be in the wrong forum for this question?....sorry
> for the confusion.

Sorry, I misread your post. If you're using ISA, make sure to specifiy that,
as otherwise this is not going to be SBS related at all.

Remember that if you've got a client who is downloading POP mail into
anything but a PST file, you *are* "mixing in" mail for your secondary
domain with the Exchange server - and through a far less secure or
manageable means.

....and PST files are BAD.....
See
http://www.exchangefaq.org/faq/Exchange-5.5/Why-PST-=-BAD-/q/Why-PST-=-BAD/qid/1209

>
>
> "Lanwench [MVP - Exchange]" wrote:
>
>> MikeG <MikeG@discussions.microsoft.com> wrote:
>>> Thanks for your response, good question, I have 2 domain names for
>>> email. My primary domain uses SBS Exhange Server Mail. It works
>>> great. My secondary domain does not.
>>
>> Well, you can certainly fix that easily enough. Don't use POP. POP
>> connectors are a great big kluge, to quote one of our more colorful
>> Exchange MVPs.
>>
>> http://www.msexchange.org/tutorials/MF010.html
>>>
>>> I have one client on my SBS network that needs to get through my
>>> firewalls to download email from a external webhost mail server
>>> using a secured connection (incoming port 995 SSL and ougoing port
>>> 465). I can send mail and I can download using Port 110 but not
>>> using port 995.
>>>
>>> My webhost gave me the configuration for my oulook client but I'm
>>> wondering if this may be a certificate issue and not a firewall
>>> issue? I get an error message that says the connection has been
>>> interrupted when I try to get my emails using the 995 SSL port,
>>> contact etc etc
>>
>> If you're using the SBS POP connector, I can't help you, sorry.
>>>
>>> "Lanwench [MVP - Exchange]" wrote:
>>>
>>>> MikeG <MikeG@discussions.microsoft.com> wrote:
>>>>> I need to open port 995 (SSL) to get pop3 mail from an external
>>>>> mail server. I have SBS 2003 standard edition. I have open an
>>>>> exception in the Windows Xp client firewall for port 995. I added
>>>>> a port/service in the basic firewall on the server but don't know
>>>>> if I conifgured it right eg; in port, ip address, out port....I
>>>>> appreciate your help.
>>>>
>>>> If you aren't using ISA, this is something you do in your firewall
>>>> appliance. The Windows firewall doesn't block outbound ports. And
>>>> unless you're blocking outbound ports in your firewall appliance
>>>> (which most small offices don't, at least not from the server) you
>>>> should be able to POP your mail now, as is.
>>>>
>>>> My question is, why would you be using your SBS server as a POP
>>>> client for an externally hosted server? This is not a good
>>>> thing....



Top