Security Gateway Update URL | MDaemon Technologies, Ltd.

Security Gateway Update URL


  • Hi,

    I am looking for the update URLs used by MDaemon Security Gateway so that we can allow them through our proxy server. This will ensure that the Security Gateway can update properly without requiring direct Internet access.

    Additionally, please provide the URLs for any other services within MDaemon Security Gateway—such as Antivirus updates or any other features that require Internet connectivity—so that we can allow them through the proxy as well.

    Our customer has restricted direct Internet access to the MDaemon Security Gateway server due to company audit policies. However, they are permitted to use a filtered proxy server, and we would like to configure it accordingly to enable update services.



  • Mollie should be sending you the requested information very soon, if you don't already have it.  Here is another copy.

    | Server | From | To | Protocol | Port | Notes |
    |---|---|---|---|---|---|
    | Email | Internet | SecurityGateway Server | TCP | 25 | Standard port for SMTP mail traffic. Required for SecurityGateway to receive email directly from the Internet. |
    | Email | SecurityGateway Server | Internet | TCP | 25 | Standard port for SMTP mail traffic. Required for SecurityGateway to send email to the internet. |
    | Email | Clients | SecurityGateway Server | TCP | 25 | Standard port for SMTP mail traffic. Only needed if you want to allow clients to send directly to SecurityGateway on port 25 (587 or 465 are preferred for this). Most of the time clients are configured to send to the mail server and the mail server sends to SecurityGateway. |
    | Email | Domain Mail Servers | SecurityGateway Server | TCP | 25 | Standard port for SMTP mail traffic. Required for domain mail servers to send to SecurityGateway on port 25 (587 or 465 are preferred for this). |
    | Email | SecurityGateway Server | Domain Mail Servers | TCP | 25 | Standard port for SMTP mail traffic. Required for SecurityGateway to send to domain mail servers on port 25 (587 or 465 are preferred for this). |
    | Email | Internet | SecurityGateway Server | TCP | 587 | Standard port for MSA traffic. Email clients can use this port when sending email to SecurityGateway. Authentication is required. Only required if you want email clients to be able to send directly to SecurityGateway. Most customers configure email clients to send to the mail server. |
    | Email | Clients | SecurityGateway Server | TCP | 587 | Standard port for MSA traffic. Email clients can use this port when sending email to SecurityGateway. Authentication is required. Only required if you want email clients to be able to send directly to SecurityGateway. Most customers configure email clients to send to the mail server. |
    | Email | Domain Mail Servers | SecurityGateway Server | TCP | 587 | Standard port for MSA traffic. Email clients can use this port when sending email to SecurityGateway. Authentication is required. Only required if you want domain mail servers to be able to send directly to SecurityGateway on port 587. |
    | Email | SecurityGateway Server | Domain Mail Servers | TCP | 587 | Standard port for MSA traffic. Authentication is required. Only required if you want SecurityGateway to be able to send to domain mail servers on port 587. |
    | Email | Clients | SecurityGateway Server | TCP | 465 | Standard port for SSL SMTP traffic. Can be used for clients sending mail to SecurityGateway. Only required if you want email clients to be able to send directly to SecurityGateway. Most customers configure email clients to send to the mail server. |
    | Email | Internet | SecurityGateway Server | TCP | 465 | Standard port for SSL SMTP traffic. Can be used for clients sending mail to SecurityGateway. Only required if you want email clients to be able to send directly to SecurityGateway. Most customers configure email clients to send to the mail server. |
    | Email | Domain Mail Servers | SecurityGateway Server | TCP | 465 | Standard port for SSL SMTP traffic. Can be used for clients sending mail to SecurityGateway. Only required if you want domain mail servers to be able to send directly to SecurityGateway on port 465. |
    | Email | SecurityGateway Server | Internet | TCP | 110 | Standard port for POP3 mail traffic. Required if you want to collect mail from a third party using Remote POP Accounts |
    | Email | SecurityGateway Server | Internet | TCP | 995 | Standard port for Secure POP3 mail traffic. Some third party mail providers require the use of port 995 when using Remote POP Accounts |
    | DNS | SecurityGateway Server | DNS Server | UDP | 53 | Required for SecurityGateway to complete DNS lookups |
    | User Verification Sources | SecurityGateway Server | MDaemon | UDP | 4069 | Custom port used for Minger lookups to MDaemon. Required if you are using Minger as a User Verification Source. |
    | User Verification Sources | SecurityGateway Server | Domain Controller/LDAP Server | TCP | 389 | Standard LDAP port. Used to query LDAP or ActiveDirectory when you have an LDAP or ActiveDirectory/Exchange user verification source configured. |
    | User Verification Sources | SecurityGateway Server | MDaemon | TCP | 444 | Custom port used for secure communication with MDaemon's XML API. Required if you have an MDaemon (XML API) user verification source configured. |
    | User Verification Sources | SecurityGateway Server | Microsoft Servers | TCP | 443 | Required for Microsoft 365 User Verification Sources. List URLS that it uses here… |
    | User Interface | Clients | SecurityGateway Server | TCP | 4000 | Default HTTP port for the SecurityGateway User Interface. This should only be used if you are redirecting HTTP to HTTPS |
    | User Interface | Internet | SecurityGateway Server | TCP | 4000 | Default HTTP port for the SecurityGateway User Interface. This should only be used if you are redirecting HTTP to HTTPS |
    | User Interface | Clients | SecurityGateway Server | TCP | 4443 | Default HTTPS port for SecurityGateway User Interface. |
    | User Interface | Internet | SecurityGateway Server | TCP | 4443 | Default HTTPS port for SecurityGateway User Interface. |
    | Server | SecurityGateway Server | services.mdaemon.com | TCP | 443 | license requests, Install Survey, Registration Info, eM Client licenses |
    | Server | SecurityGateway Server | files.mdaemon.com | TCP | 443 | Update Checker |
    | Server | SecurityGateway Server | login.microsoftonline.com | TCP | 443 | OAUTH with Microsoft |
    | Server | SecurityGateway Server | publicsuffix.org | TCP | 443 | Download a list of public suffixes used by DMARC |
    | Server | SecurityGateway Server | Internet | TCP | 443 | Download MTA-STS policies |
    | Server | SecurityGateway Server | Internet | TCP | 443 | Upload TLS Reports |
    | Server | SecurityGateway Server | stats.mdaemon.com | TCP | 443 | Upload anonymous statistical data |
    | Server | SecurityGateway Server | api.pwnedpasswords.com | TCP | 443 | Check for compromised passwords |
    | Server | SecurityGateway Server | AI Provider | TCP | 443 | AI Classification requires HTTPS access to the third party provider you are using. |
    | AntiVirus | SecurityGateway Server | updates.ikarus.at | TCP | 443 | Download virus definition updates for IKARUS |
    | AntiVirus | SecurityGateway Server | database.clamav.net | TCP | 443 | Download virus definition updates for ClamAV |
    | Outbreak Protection | SecurityGateway Server | ctmail.com | TCP | 80 | Used by Outbreak Protection. Traffic is encrypted with proprietary encryption. It uses the following hosts: resolver1-mdaemon.ctmail.com, resolver2-mdaemon.ctmail.com, resolver3-mdaemon.ctmail.com, resolver4-mdaemon.ctmail.com, resolver5-mdaemon.ctmail.com, resolver6-mdaemon.ctmail.com, resolver7-mdaemon.ctmail.com, resolver8-mdaemon.ctmail.com, resolver9-mdaemon.ctmail.com |
    | SpamAssassin | SecurityGateway Server | SpamAssassin Update Server | TCP | 443 | Download updates for SpamAssassin rules. Check https://sa-update.spamassassin.org/MIRRORED.BY for the full list of servers that will be used. |
    | Let's Encrypt | Let's Encrypt Servers | SecurityGateway Server | TCP | 80 | Used by Let's Encrypt to complete HTTP-01 challenges. It can be redirected to port 443. They do not publish IP ranges for the ACME service and they change without notice |
    | Let's Encrypt | Let's Encrypt Servers | SecurityGateway Server | TCP | 443 | Used by Let's Encrypt to complete HTTP-01 challenges. They do not publish IP ranges for the ACME service and they change without notice |
    | Let's Encrypt | SecurityGateway Server | Let's Encrypt Servers | TCP | 443 | Used to communicate with Let's Encrypt. The current hostnames are: acme-v02.api.letsencrypt.org, acme-staging-v02.api.letsencrypt.org |
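
One way to check a filtered proxy against the table above, as an added example that is not part of the original post or MDaemon's own tooling: it compares proxy log lines from the gateway with the fixed hostnames in the table and counts destinations that are not listed. The log format, the gateway address 10.0.0.25 and the sample lines are constructed; rows whose destination is "Internet", "AI Provider", "Microsoft Servers" or the SpamAssassin mirrors have no fixed hostname in the table and are left out.

```python
from collections import Counter

# Fixed (host, port) destinations copied from the table above.
ALLOWED = {(h, 443) for h in (
    "services.mdaemon.com", "files.mdaemon.com", "stats.mdaemon.com",
    "login.microsoftonline.com", "publicsuffix.org", "api.pwnedpasswords.com",
    "updates.ikarus.at", "database.clamav.net",
    "acme-v02.api.letsencrypt.org", "acme-staging-v02.api.letsencrypt.org",
)}
# Outbreak Protection: resolver1..resolver9-mdaemon.ctmail.com on TCP 80.
ALLOWED |= {(f"resolver{i}-mdaemon.ctmail.com", 80) for i in range(1, 10)}

def parse(line):
    """Return (src_ip, host, port), or None for a malformed line.
    Assumed (constructed) format: <time> <src_ip> <method> <host:port> <status>"""
    parts = line.split()
    if len(parts) != 5:
        return None
    host, sep, port = parts[3].rpartition(":")
    if not sep or not host or not port.isdigit():
        return None
    # Hostnames are case-insensitive and may carry a trailing root dot.
    return parts[1], host.lower().rstrip("."), int(port)

def audit(lines, gateway_ip):
    """Count the gateway's requests per destination: (listed, unlisted)."""
    listed, unlisted = Counter(), Counter()
    for line in lines:
        rec = parse(line)
        if rec is None or rec[0] != gateway_ip:
            continue  # skip malformed lines and other clients
        dest = rec[1:]
        (listed if dest in ALLOWED else unlisted)[dest] += 1
    return listed, unlisted

# Constructed sample log, not captured from a real proxy.
SAMPLE_LOG = [
    "2025-01-01T02:00:01Z 10.0.0.25 CONNECT files.mdaemon.com:443 200",
    "2025-01-01T02:00:05Z 10.0.0.25 CONNECT database.clamav.net:443 200",
    "2025-01-01T02:00:09Z 10.0.0.25 GET Resolver3-MDaemon.ctmail.com:80 200",
    "2025-01-01T02:00:12Z 10.0.0.25 CONNECT sa-update.dnswl.org:443 403",
    "2025-01-01T02:00:15Z 10.0.0.25 CONNECT files.mdaemon.com:80 403",
    "2025-01-01T02:00:20Z 10.0.0.77 CONNECT example.org:443 200",
    "truncated line",
]

if __name__ == "__main__":
    listed, unlisted = audit(SAMPLE_LOG, "10.0.0.25")
    for (host, port), n in sorted(unlisted.items()):
        print(f"not in table: {host}:{port} ({n} request(s))")
```

Destinations reported as not in the table are the ones to review with the proxy or XDR owner before deciding whether to allow them or to disable the feature that requests them.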

  • Dear Arron,

    Yes, Mollie already sent it. I see my interest information is listed at the bottom, and the table is so big that in the mail client and from mobile, I didn't notice the bottom part. I thought it was just a port list, sorry.

    So, I think I have got the required; let's work with the customer and let's see if this works with their proxy.

    Thanks,


  • Dear Arron,

    We are facing issues with sa-update.dnswl.org. The XDR Analytics BIOC (Severity: Medium) is detecting alerts from the MDaemon Security Gateway. Could you please explain why XDR is showing this kind of error/alert and how we can mitigate it?

    [Note: The MDaemon Security Gateway has no internet access for all services.]


  • Could you please explain why XDR is showing this kind of error/alert and how we can mitigate it?

    I can't explain why; you'll have to contact your XDR Analytics provider for that, but I can help you mitigate the issue. Please be sure to let them know this is a false positive.

    Since you are not allowing SecurityGateway to access the internet, the easiest way to mitigate this alert is to turn off the SpamAssassin updates.  You can do this in SecurityGateway by logging in as a global administrator and going to Security | Anti-Spam | Heuristics and Bayesian | Click here to configure SGSpamD, then select the radio button for "Do not check for heuristic rule updates".

    If you want to allow SecurityGateway to update the SpamAssassin rules then you'll need to report the false positive to your vendor and wait for them to correct it, or add an exclusion to allow the update to occur.  The steps to add the exclusion will vary depending on the software you are using to do the XDR Analytics.

     

     

