This firewall rules list is the minimal mandatory set of rules required for MailSecure services to function properly.
The list below may be changed or updated in the future.
Global inbound rules
Port | From | Note |
25 | Any | SMTP incoming email traffic. |
80 | Any | Mailsecure web interface. Optional. You can configure the firewall to allow only specific IP addresses. |
443 | Any | Mailsecure web interface. Optional. You can configure the firewall to allow only specific IP addresses. |
587 | Any | Mailsecure SMTP relay. Needed only if you're using Mailsecure as a relay. Optional. You can configure the firewall to allow only the IP addresses of your SMTP servers that send email using Mailsecure as a relay. |
22 25 80 443 587 | 95.111.251.149 212.150.108.5 62.0.131.49 34.241.235.156 | VPN addresses used by the support team. Create a firewall rule, keep it disabled, and enable it only in case you need support. |
Global outbound rules
Port | To | Note |
53 | Any | DNS, RBL (Remote black lists). |
80 443 3128 8001 8002 8008 | update.anti-spam.cloud | Mailsecure update/proxy server. Required during installation and for regular updates of antivirus and antispam rules and virus signature databases. |
80 443 | sns.us-east-1.amazonaws.com | Optional. Only if MFA/2FA/OTP authentication is enabled. |
443 | te.checkpoint.com | Sandbox server. Attachment checks with the sandbox service. Optional. Only if Sandbox checks are activated. |
143 | webmail.anti-spam.cloud | IMAP access to the Mailsecure mail server. Optional. Required for running automatic system tests with the command “ms-auto-tests”. |
443 | rspamd.com maps.rspamd.com | Email checks with the Rspamd service. Optional. Only if Rspamd checks are activated. |
11335 | fuzzy1.rspamd.com fuzzy2.rspamd.com | Rspamd Fuzzy module checks |
443 | acme-v02.api.letsencrypt.org | Let's Encrypt certificate issuing server. Optional. Only if a Let's Encrypt certificate will be used. |
10050 10051 | monitoring.anti-spam.cloud | System health monitoring on the Mailsecure monitoring server. Optional. If you need system monitoring by the Mailsecure team. |
389* | Your organization LDAP server IP address | Optional. Add this firewall rule only if you will use the LDAP connector for user synchronization. * The port may be different, depending on your LDAP server settings. |
Additional rules for cluster installation only
Port | From | To | Note |
5432 | List of scanner server IP addresses | Director server IP address | Connection from scanners to the director PostgreSQL service |
6379 | List of scanner server IP addresses | Director server IP address | Connection from scanners to the director Redis service |
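
The inbound and cluster tables above can be rendered as an nftables ruleset. The script below is an added example, not MailSecure's own tooling. It assumes IPv4 only and a default-drop input policy; the table name `mailsecure` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not MailSecure's own tooling): render the page's inbound
# tables as an nftables ruleset for the director. Assumptions: IPv4 only,
# default-drop input policy, hypothetical table name "mailsecure".
# Management access (your own SSH source) is site-specific: add it before loading.

# Support-team VPN addresses, copied from the page's inbound table.
SUPPORT_IPS="95.111.251.149, 212.150.108.5, 62.0.131.49, 34.241.235.156"

# is_ipv4 ADDR: succeed only for a dotted-quad address with octets 0-255.
is_ipv4() (
  case $1 in *[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
  IFS=.; set -- $1
  [ $# -eq 4 ] || exit 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || exit 1
  done
)

# render_inbound on|off [SCANNER_IP...]: print the ruleset on stdout.
# "on" enables the support rule; "off" keeps it present but commented out.
render_inbound() (
  case $1 in on) mark="" ;; off) mark="# " ;; *) echo "usage: on|off [ip...]" >&2; exit 2 ;; esac
  shift
  scanners=""
  for ip in "$@"; do
    is_ipv4 "$ip" || { echo "invalid scanner address: $ip" >&2; exit 1; }
    scanners="${scanners:+$scanners, }$ip"
  done
  cat <<EOF
table ip mailsecure {
  chain input {
    type filter hook input priority 0; policy drop;
    iif lo accept
    ct state established,related accept
    tcp dport 25 accept
    tcp dport { 80, 443, 587 } accept  # optional rows: narrow with ip saddr
    ${mark}ip saddr { $SUPPORT_IPS } tcp dport { 22, 25, 80, 443, 587 } accept
EOF
  # PostgreSQL and Redis on the director are reachable from scanners only.
  [ -z "$scanners" ] ||
    echo "    ip saddr { $scanners } tcp dport { 5432, 6379 } accept"
  printf '  }\n}\n'
)
```

The output can be syntax-checked without loading it by piping it to `nft -c -f -`, for example `render_inbound off 10.0.0.11 10.0.0.12 | nft -c -f -` (the scanner addresses here are constructed samples).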