Bu yazı 2 yıl 16 gün önce eklendi. Bilginin güncelliği konusunda emin olmadan lütfen sisteminizde denemeyeniz.Mailbox Servers
| Data path | Required ports | Default authentication | Supported authentication | Encryption supported? | Encrypted by default? |
| Active Directory access | 389/TCP/UDP (LDAP), 3268/TCP (LDAP GC), 88/TCP/UDP (Kerberos), 53/TCP/UDP (DNS), 135/TCP (RPC netlogon) | Kerberos | Kerberos | Yes, using Kerberos encryption | Yes |
| Admin remote access (Remote Registry) | 135/TCP (RPC) | NTLM/Kerberos | NTLM/Kerberos | Yes, using IPsec | No |
| Admin remote access (SMB/File) | 445/TCP (SMB) | NTLM/Kerberos | NTLM/Kerberos | Yes, using IPsec | No |
| Availability Web service (Client Access to Mailbox) | 135/TCP (RPC) | NTLM/Kerberos | NTLM/Kerberos | Yes, using RPC encryption | Yes |
| Clustering | 135/TCP (RPC) See Notes on Mailbox Servers after this table. | NTLM/Kerberos | NTLM/Kerberos | Yes, using IPsec | No |
| Content indexing | 135/TCP (RPC) | NTLM/Kerberos | NTLM/Kerberos | Yes, using RPC encryption | Yes |
| Log shipping | 64327 (customizable) | NTLM/Kerberos | NTLM/Kerberos | Yes | No |
| Seeding | 64327 (customizable) | NTLM/Kerberos | NTLM/Kerberos | Yes | No |
| Volume shadow copy service (VSS) backup | Local Message Block (SMB) | NTLM/Kerberos | NTLM/Kerberos | No | No |
| Mailbox Assistants | 135/TCP (RPC) | NTLM/Kerberos | NTLM/Kerberos | No | No |
| MAPI access | 135/TCP (RPC) | NTLM/Kerberos | NTLM/Kerberos | Yes, using RPC encryption | Yes |
| Microsoft Exchange Active Directory Topology service access | 135/TCP (RPC) | NTLM/Kerberos | NTLM/Kerberos | Yes, using RPC encryption | Yes |
| Microsoft Exchange System Attendant service legacy access (Listen to requests) | 135/TCP (RPC) | NTLM/Kerberos | NTLM/Kerberos | No | No |
| Microsoft Exchange System Attendant service legacy access to Active Directory | 389/TCP/UDP (LDAP), 3268/TCP (LDAP GC), 88/TCP/UDP (Kerberos), 53/TCP/UDP (DNS), 135/TCP (RPC netlogon) | Kerberos | Kerberos | Yes, using Kerberos encryption | Yes |
| Microsoft Exchange System Attendant service legacy access (As MAPI client) | 135/TCP (RPC) | NTLM/Kerberos | NTLM/Kerberos | Yes, using RPC encryption | Yes |
| Offline address book (OAB) accessing Active Directory | 135/TCP (RPC) | Kerberos | Kerberos | Yes, using RPC encryption | Yes |
| Outlook accessing OAB | 80/TCP, 443/TCP (SSL) | NTLM/Kerberos | NTLM/Kerberos | Yes, using HTTPS | No |
| Recipient Update Service RPC access | 135/TCP (RPC) | Kerberos | Kerberos | Yes, using RPC encryption | Yes |
| Recipient update to Active Directory | 389/TCP/UDP (LDAP), 3268/TCP (LDAP GC), 88/TCP/UDP (Kerberos), 53/TCP/UDP (DNS), 135/TCP (RPC netlogon) | Kerberos | Kerberos | Yes, using Kerberos encryption | Yes |
Client Access Servers
| Data path | Required ports | Default authentication | Supported authentication | Encryption supported? | Encrypted by default? |
| Active Directory access | 389/TCP/UDP (LDAP), 3268/TCP (LDAP GC), 88/TCP/UDP (Kerberos), 53/TCP/UDP (DNS), 135/TCP (RPC netlogon) | Kerberos | Kerberos | Yes, using Kerberos encryption | Yes |
| Autodiscover service | 80/TCP, 443/TCP (SSL) | Basic/Integrated Windows authentication (Negotiate) | Basic, Digest, NTLM, Negotiate (Kerberos) | Yes, using HTTPS | Yes |
| Availability service | 80/TCP, 443/TCP (SSL) | NTLM/Kerberos | NTLM, Kerberos | Yes, using HTTPS | Yes |
| Outlook Web App | 80/TCP, 443/TCP (SSL) | Forms Based Authentication | Basic, Digest, Forms Based Authentication, NTLM (v2 only), Kerberos, Certificate | Yes, using HTTPS | Yes, using a self-signed certificate |
| POP3 | 110/TCP (TLS), 995/TCP (SSL) | Basic, Kerberos | Basic, Kerberos | Yes, using SSL, TLS | Yes |
| IMAP4 | 143/TCP (TLS), 993/TCP (SSL) | Basic, Kerberos | Basic, Kerberos | Yes, using SSL, TLS | Yes |
| Outlook Anywhere (formerly known as RPC over HTTP ) | 80/TCP, 443/TCP (SSL) | Basic | Basic or NTLM | Yes, using HTTPS | Yes |
| Exchange ActiveSync application | 80/TCP, 443/TCP (SSL) | Basic | Basic, Certificate | Yes, using HTTPS | Yes |
| Client Access server to Unified Messaging server | 5060/TCP, 5061/TCP, 5062/TCP, a dynamic port | By IP address | By IP address | Yes, using Session Initiation Protocol (SIP) over TLS | Yes |
| Client Access server to a Mailbox server that is running an earlier version of Exchange Server | 80/TCP, 443/TCP (SSL) | NTLM/Kerberos | Negotiate (Kerberos with fallback to NTLM or optionally Basic,) POP/IMAP plain text | Yes, using IPsec | No |
| Client Access server to Exchange 2010 Mailbox server | RPC. See Notes on Client Access Servers. | Kerberos | NTLM/Kerberos | Yes, using RPC encryption | Yes |
| Client Access server to Client Access server (Exchange ActiveSync) | 80/TCP, 443/TCP (SSL) | Kerberos | Kerberos, Certificate | Yes, using HTTPS | Yes, using a self-signed certificate |
| Client Access server to Client Access server (Outlook Web Access) | 80/TCP, 443/TCP (HTTPS) | Kerberos | Kerberos | Yes, using SSL | Yes |
| Client Access server to Client Access server (Exchange Web Services) | 443/TCP (HTTPS) | Kerberos | Kerberos | Yes, using SSL | Yes |
| Client Access server to Client Access server (POP3) | 995 (SSL) | Basic | Basic | Yes, using SSL | Yes |
| Client Access server to Client Access server (IMAP4) | 993 (SSL) | Baisc | Basic | Yes, using SSL | Yes |
Unified Messaging Servers
| Data path | Required ports | Default authentication | Supported authentication | Encryption supported? | Encrypted by default? |
| Active Directory access | 389/TCP/UDP (LDAP), 3268/TCP (LDAP GC), 88/TCP/UDP (Kerberos), 53/TCP/UDP (DNS), 135/TCP (RPC netlogon) | Kerberos | Kerberos | Yes, using Kerberos encryption | Yes |
| Unified Messaging Phone interaction (IP PBX/VoIP Gateway) | 5060/TCP , 5065/TCP, 5067/TCP (unsecured), 5061/TCP, 5066/TCP, 5068/TCP (secured), a dynamic port from the range 16000-17000/TCP (control), dynamic UDP ports from the range 1024-65535/UDP (RTP) | By IP address | By IP address, MTLS | Yes, using SIP/TLS, SRTP | No |
| Unified Messaging Web Service | 80/TCP, 443/TCP (SSL) | Integrated Windows authentication (Negotiate) | Basic, Digest, NTLM, Negotiate (Kerberos) | Yes, using SSL | Yes |
| Unified Messaging server to Client Access server | 5075, 5076, 5077 (TCP) | Integrated Windows authentication (Negotiate) | Basic, Digest, NTLM, Negotiate (Kerberos) | Yes, using SSL | Yes |
| Unified Messaging server to Client Access server (Play on Phone) | Dynamic RPC | NTLM/Kerberos | NTLM/Kerberos | Yes, using RPC encryption | Yes |
| Unified Messaging server to Hub Transport server | 25/TCP (TLS) | Kerberos | Kerberos | Yes, using TLS | Yes |
| Unified Messaging server to Mailbox server | 135/TCP (RPC) | NTLM/Kerberos | NTLM/Kerberos | Yes, using RPC encryption | Yes |
Transport Servers
| Data path | Required Ports | Default authentication | Supported authentication | Encryption supported? | Encrypted by default? |
| Hub Transport server to Hub Transport server | 25/TCP (SMTP) | Kerberos | Kerberos | Yes, using Transport Layer Security (TLS) | Yes |
| Hub Transport server to Edge Transport server | 25/TCP (SMTP) | Direct trust | Direct trust | Yes, using TLS | Yes |
| Edge Transport server to Hub Transport server | 25/TCP (SMTP) | Direct trust | Direct trust | Yes, using TLS | Yes |
| Edge Transport server to Edge Transport server | 25/TCP SMTP | Anonymous, Certificate | Anonymous, Certificate | Yes, using TLS | Yes |
| Mailbox server to Hub Transport server via the Microsoft Exchange Mail Submission Service | 135/TCP (RPC) | NTLM. If the Hub Transport and the Mailbox server roles are on the same server, Kerberos is used. | NTLM/Kerberos | Yes, using RPC encryption | Yes |
| Hub Transport to Mailbox server via MAPI | 135/TCP (RPC) | NTLM. If the Hub Transport and the Mailbox server roles are on the same server, Kerberos is used. | NTLM/Kerberos | Yes, using RPC encryption | Yes |
| Unified Messaging server to Hub Transport server | 25/TCP (SMTP) | Kerberos | Kerberos | Yes, using TLS | Yes |
| Microsoft Exchange EdgeSync service from Hub Transport server to Edge Transport server | 50636/TCP (SSL) | Basic | Basic | Yes, using LDAP over SSL (LDAPS) | Yes |
| Active Directory access from Hub Transport server | 389/TCP/UDP (LDAP), 3268/TCP (LDAP GC), 88/TCP/UDP (Kerberos), 53/TCP/UDP (DNS), 135/TCP (RPC netlogon) | Kerberos | Kerberos | Yes, using Kerberos encryption | Yes |
| Active Directory Rights Management Services (AD RMS) access from Hub Transport server | 443/TCP (HTTPS) | NTLM/Kerberos | NTLM/Kerberos | Yes, using SSL | Yes* |
| SMTP clients to Hub Transport server (for example, end-users using Windows Live Mail) | 587 (SMTP)25/TCP (SMTP) | NTLM/Kerberos | NTLM/Kerberos | Yes, using TLS | Yes |
Thanks for sharing. Share is caring after all.