Right, as Brian confirmed too, Windows 7 will handle all TCP/IP connections the same way as a server OS would, including email protocols. The difference is the number of connections to Windows resources (like file shares), and various server functionality like AD, IIS and DNS.

What can I do to work around failing port 25, 143 and 110 scans for the PCI compliance monitor using mercury on Windows Server 2012R2?

I can't just shut down the ports, obviously, and kinda lost for where to go from there.

Thanks 

Well, as you already have noted it's not possible to run a mail server without somehow accepting connections on email related ports. If PCI regulations forbid running a mail server on the server that is used for processing payment information you should probably consider moving email handling to another server. If on the other hand PCI compliance isn't required you could perhaps simply ignore the scan results.

It might furthermore be possible to circumvent the scan by having Mercury bind to some other ports and redirect ports 25, 143 and 110 from the firewall to those ports, or perhaps run Mercury in a virtual machine, but again you will have to consider if you need to comply with PCI regulations or not.

We do not necessarily need to strictly meet PCI standards for the sake of PCI, however, we do have to comply with HIPPA and HIPPA will look at the PCI reports and ask us why we didn't resolve the issues noted.

Mercury is running on a Hyper-V machine, actually.

I did try to run mercury 25 through 443, 110 through 994(I think) but I couldn't ever get anything to cross over.  

The trick with binding to different ports is that all traffic must be routed through a device (usually a firewall) that redirects incoming connections for port 25 to (for instance) port 50025 on the server, etc. It might be easier to run Mercury in a separate Hyper-V machine though. A server OS is not required if the VM is only used for Mercury.

[quote user="Rolf Lindby"]

The trick with binding to different ports is that all traffic must be routed through a device (usually a firewall) that redirects incoming connections for port 25 to (for instance) port 50025 on the server, etc. It might be easier to run Mercury in a separate Hyper-V machine though. A server OS is not required if the VM is only used for Mercury.

[/quote]

I was able to correct these issues with some firewall tactics today. I appreciate yalls help.

Can you elaborate on the last bit though about not needing a server OS? Could I load this up on a W7 pro box and use that server for other purposes?

[quote user="swalkerimc"]Can you elaborate on the last bit though about not needing a server OS? Could I load this up on a W7 pro box and use that server for other purposes?[/quote]

FWIW, I have a retired desktop PC (Win7) that sits in the server room doing nothing but running Mercury and POPFile.  The mailboxes reside on a Win2008 server.  I closed port 25 at the firewall and provide approved relayers with configuration instructions which include the alternate port number.