Can I safely block all ports on my server

Solution 1:

You will probably be ok, but you might be better off leaving a hole for your IP, just in case something goes wrong. You might also want to make sure you don't block connections from 127.0.0.1, as that is the localhost IP and may be necessary for internal services to connect to themselves to keep things working properly (it depends on what type of stuff you have running on the system).

As far as the ports you mention, here is what those are; you can close them if you don't use them:

SMTP: Email (Server to server or incoming) (needed to accept email if this server receives email for your domain)

POP3: Email clients (needed if this server has email clients that connect to it)

IMAP: Email clients (needed if this server has email clients that connect to it)

DNS: Domain Name services (needed if this server acts as the primary for the domains it hosts)

Good luck,

--jed

Solution 2:

A prudent approach would be to deny all connections by default, and only open up ports when they are demonstrated to be needed for some valid purpose.

Beware of being too unresponsive to user requests, though: make sure that when any user asks for a port to be opened, the user's request is heeded promptly, visibly, and seriously for all users to see; otherwise you'll just end up with a userbase working around the block list by tunnelling through the ports you do open.
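
The two answers combined (default deny, loopback left open, a hole for your own IP, ports opened only on request) as an added example that is not part of either answer: a shell function that prints an IPv4 ruleset in `iptables-restore` format. The function name `build_ruleset`, the address 203.0.113.10 and the port list are assumptions made for illustration, and the ESTABLISHED,RELATED rule is an addition so that replies to the server's own outbound connections still get through.

```shell
#!/bin/sh
# Added example: emit a default-deny inbound ruleset for iptables-restore.
# Usage: build_ruleset ADMIN_IP [PORT/PROTO ...]
# ADMIN_IP and the service list are placeholders; substitute your own.

build_ruleset() {
    admin_ip=$1
    shift
    # Validate every PORT/PROTO spec before printing anything, so a typo
    # cannot produce a half-built ruleset.
    for spec in "$@"; do
        port=${spec%/*}
        proto=${spec#*/}
        case $proto in
            tcp|udp) ;;
            *) echo "bad protocol in '$spec'" >&2; return 1 ;;
        esac
        case $port in
            ''|*[!0-9]*) echo "bad port in '$spec'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in '$spec'" >&2
            return 1
        fi
    done

    echo '*filter'
    echo ':INPUT DROP [0:0]'      # deny all inbound by default
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Loopback (127.0.0.1) stays open so local services can reach themselves.
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections the server itself initiated.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # The "hole for your IP": the admin address is never locked out.
    echo "-A INPUT -s $admin_ip -j ACCEPT"
    # One rule per service that has been shown to be needed.
    for spec in "$@"; do
        echo "-A INPUT -p ${spec#*/} --dport ${spec%/*} -j ACCEPT"
    done
    echo 'COMMIT'
}

# Constructed sample: SMTP plus DNS over UDP and TCP, admin at 203.0.113.10.
build_ruleset 203.0.113.10 25/tcp 53/udp 53/tcp
```

Piping the output to `iptables-restore --test` parses the ruleset without committing it, which is a safe check before applying it on a remote machine.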