Firewall Ports for MailScanner, need Recommendations/Guidance

[Michele Neylon]

On Mon, 2004-06-21 at 02:14, lester lasad wrote:
> Fedora Core 1
> MailScanner 4.31.6-1
> SpamAssassin 2.63
>
> I am starting with a fresh install of fedora,
> MailScanner, and Spamassassin.  I am also trying to
> use dcc, pyzor, and razor.  Clamav is my virus
> scanner. I am having performance issues with my
> current config but I believe the performance issues
> are do to the firewall.
>
> My main question is, is it absolutely necessary to
> have the following ports open on the firewall in order
> for MailScanner to work properly with dcc, razor,
> pyzor, and clamav:
> Razor2 tcp ports 2703 and 7
> Pyzor udp port 24441
> DCC udp port 6277
>
> Currently I only have port 25 open on the firewall and
> right now I am seeing timeouts with DCC and clamav.
> To my understanding MailScanner handles updating the
> clamav virus defs.  What port is used for this?  The
> reason I ask is because when I run "freshclam"
> manually it uses port 80, is that the same port that
> MailScanner uses to update clamav?
>
> My main concern is security.  If it is not necessary
> to open the additional ports I would prefer not to.
You have to open the ports in order for MailScanner to work with Razor,
pyzor and DCC. If you do not open those ports you _will_ have severe
problems.
AVs use port 80 for updates.
You'll also need to open port 53/UDP for DNS queries outbound

--
Mr. Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
+353 59 913 7101

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html