Windows Server 2012 R2: closing smtp/pop3/imap ports (or deactivating the related services)
I see three options here:
- Your firewall is misconfigured. Don't worry, it happens to the best of us. Good on you for testing!
- One of your network adapters is using a different network profile than your desired firewall profile. Network Location Awareness can sometimes play into this as well.
- NMap is erroneously detecting open ports. I have seen this happen rarely when testing from behind certain draconian firewall/proxy/IDS implementations.
You should confirm that services actually are listening on those ports with a netstat -ab, and then narrow the scope of your troubleshooting from there. Is it possible that you have additional Windows Features that you need to uninstall?
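As an added example (not from the original answer), the following PowerShell script does the netstat check and the profile check in one pass: it lists every adapter's network category, then every listening TCP port with its owning process and the enabled inbound allow rule (if any) that would admit it on the chosen profile. It assumes Windows Server 2012 R2 or later, where the NetTCPIP and NetSecurity modules provide Get-NetTCPConnection (with OwningProcess), Get-NetConnectionProfile and Get-NetFirewallRule; the function names are my own.

```powershell
# Added example: correlate listening TCP ports with owning processes and
# effective Windows Firewall inbound allow rules for one profile.
# Assumes Windows Server 2012 R2+ (NetTCPIP and NetSecurity modules).

function Find-AllowingRule {
    param([int]$Port, [string]$Profile)
    # Effective (ActiveStore includes GPO) enabled inbound allow rules that
    # apply to the requested profile or to any profile.
    $rules = Get-NetFirewallRule -PolicyStore ActiveStore -Enabled True `
        -Direction Inbound -Action Allow |
        Where-Object { "$($_.Profile)" -eq 'Any' -or
                       ("$($_.Profile)" -split ',\s*') -contains $Profile }
    foreach ($rule in $rules) {
        $filters = $rule | Get-NetFirewallPortFilter |
            Where-Object { $_.Protocol -eq 'TCP' }
        foreach ($f in $filters) {
            # LocalPort may be 'Any', a single port, a range, or an array of these
            foreach ($lp in @($f.LocalPort)) {
                if ($lp -eq 'Any') { return $rule.DisplayName }
                if ($lp -match '^(\d+)-(\d+)$' -and
                    $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) {
                    return $rule.DisplayName
                }
                if ($lp -match '^\d+$' -and [int]$lp -eq $Port) { return $rule.DisplayName }
            }
        }
    }
    return $null   # no enabled inbound allow rule covers this port on this profile
}

function Get-ListeningPortReport {
    param([string]$Profile = 'Public')
    # 1. Which profile each adapter actually uses (the answer's second option)
    Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory |
        Format-Table -AutoSize | Out-String | Write-Host
    # 2. Listening TCP sockets, the owning process (PID 4 = System) and the
    #    rule that would allow them; AllowedBy empty means the firewall should
    #    block the port on that profile, so an open port points elsewhere.
    Get-NetTCPConnection -State Listen | Sort-Object LocalPort, LocalAddress |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                Port         = $_.LocalPort
                PID          = $_.OwningProcess
                Process      = if ($proc) { $proc.ProcessName } else { 'unknown' }
                AllowedBy    = Find-AllowingRule -Port $_.LocalPort -Profile $Profile
            }
        }
}

Get-ListeningPortReport -Profile 'Public' | Format-Table -AutoSize
```

Run it from an elevated PowerShell session; a port that is listening but has an empty AllowedBy column and still shows as open in nmap is the one to investigate, starting with the adapter whose NetworkCategory is not the one you expected.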
Rul3r
Updated on September 18, 2022
Comments
Rul3r almost 2 years ago
I am running a Windows Server 2012 R2. At the moment, I want to improve the security of my server, so I am looking for services (and open ports) that are not needed.
I disabled nearly every server role, except IIS (I need the IIS).
The Windows firewall is configured so that every inbound/outbound connection without a rule is automatically blocked.
I have created only some rules for ports 80, 443 and the remote-desktop port. All other rules are deactivated (or set to the private profile), hence there are no rules for other ports/protocols/services on my public network, and therefore there shouldn't be any open ports.
But if I scan my server with nmap (tcp connect scan), there are some open ports. For example:
25/tcp open smtp
80/tcp open http
110/tcp open pop3
119/tcp open nntp
143/tcp open imap
465/tcp open smtps
563/tcp open snews
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
3389/tcp open rdp
I do not need pop, imap and the other services (except RDP 3389).
Now I have some questions:
1. How could it be possible that the ports are shown as open, if the firewall should block all ports without rules (the ports above have no rules)?
2. With netstat -anop tcp I looked up which services are listening on these ports. It is the System service. But why is the System service listening on these ports and how could I stop the service from doing so?
Rul3r about 10 years ago
Oh, an answer :D The firewall profiles are okay. I have a private profile for my VPN adapter and a public profile for the internet adapter. The curious thing is, when I am using the private profile on the internet adapter, the ports are not open. In the public profile only ports 80/443 and the VPN port are opened. It's the System service that is listening on these ports. All unused server features/services are deactivated. Only the IIS is installed (with ASP.NET components).