MailCleaner Network configuration

Sylvain Viart
Added over 9 years ago

For more information, please refer to Chapter 1 of the MailCleaner installation manual:

Network environment

Your MailCleaner server requires its own IP address and a hostname. The hostname must be resolvable through a DNS lookup. MailCleaner also needs access to several TCP and UDP ports. Make sure your firewall allows the following traffic:

From the Internet to MailCleaner:

  • TCP/22 (SSH): only from and (for MailCleaner support) - we cannot provide support if these ports are closed! Your machine will also fail to receive some out-of-schedule updates and some data feeds if this is closed.
  • TCP/25 (SMTP): from ANY or from a specific gateway
  • TCP/80 and TCP/443: only from and (for MailCleaner support)

If your MailCleaner is in a private subnet behind a firewall, please do not forget to configure the necessary NAT rules to forward traffic from the WAN to your MailCleaner server.

From MailCleaner to the Internet:

  • TCP/25 TCP (SMTP): to ANY or to a specific SMTP gateway
  • TCP/22 TCP (SSH): only to, and (the IP may change => (MailCleaner updates)
  • TCP/80 and TCP/443 TCP: to ANY or to a specific gateway
  • TCP/7 and TCP/2703 TCP (Razor): to ANY
  • TCP-UDP/53 (DNS): to ANY
  • UDP/24441 (Pyzor): to ANY
  • UDP/6277 (DCC): to ANY

If you plan on building a MailCleaner Cluster

(see chapter 5 for more information), make sure that traffic on the following protocols are allowed to pass between the different MailCleaner systems:

  • TCP/3306 and TCP/3307: database synchronization
  • TCP/22: MailCleaner internal synchronization
  • TCP/5132: web services
  • UDP/161 (SNMP): MailCleaner statistics

Support premium remote access to your MailCleaner

To allow our support team to connect to your MailCleaner please also allow this traffic on your Firewall:

From the Internet to MailCleaner: allow incoming traffic from our own IP ranges and

  • TCP/22 (SSH)
  • TCP/80 and TCP/443 (HTTP/S)

See also