MailCleaner Network configuration

Sylvain Viart
Added almost 4 years ago

For more information, please refer to Chapter 1 of the MailCleaner installation manual:
https://www.mailcleaner.net/downloads/MailCleaner-installation.pdf

Network environment

Your MailCleaner server requires its own IP address and a hostname. The hostname must be resolvable through a DNS lookup. MailCleaner also needs access to several TCP and UDP ports. Make sure your firewall allows the following traffic:

From the Internet to MailCleaner:

  • TCP/22 (SSH): only from 195.176.194.0/24 and 193.246.63.0/24 (for MailCleaner support) - we cannot provide support if these ports are closed!
  • TCP/25 (SMTP): from ANY or from a specific gateway
  • TCP/80 and TCP/443: only from 195.176.194.0/24 and 193.246.63.0/24 (for MailCleaner support)

If your MailCleaner is in a private subnet behind a firewall, please do not forget to configure the necessary NAT rules to forward traffic from the WAN to your MailCleaner server.

VERY IMPORTANT
From MailCleaner to the Internet:

  • TCP/25 TCP (SMTP): to ANY or to a specific SMTP gateway
  • TCP/22 TCP (SSH): only to 195.176.194.0/24, 193.246.63.0/24 and team07.mailcleaner.net (the IP may change => 91.134.224.6) (MailCleaner updates)
  • TCP/80 and TCP/443 TCP: to ANY or to a specific gateway
  • TCP/7 and TCP/2703 TCP (Razor): to ANY
  • TCP-UDP/53 (DNS): to ANY
  • UDP/24441 (Pyzor): to ANY
  • UDP/6277 (DCC): to ANY

If you plan on building a MailCleaner Cluster

(see chapter 5 for more information), make sure that traffic on the following protocols are allowed to pass between the different MailCleaner systems:

  • TCP/3306 and TCP/3307: database synchronization
  • TCP/22: MailCleaner internal synchronization
  • TCP/5132: web services
  • UDP/161 (SNMP): MailCleaner statistics

Support premium remote access to your MailCleaner

To allow our support team to connect to your MailCleaner please also allow this traffic on your Firewall:

From the Internet to MailCleaner: allow incoming traffic from our own IP ranges 195.176.194.0/24 and 193.246.63.0/24

  • TCP/22 (SSH)
  • TCP/80 and TCP/443 (HTTP/S)

See also