This article applies to:

• Trustwave MailMarshal (SEG)
• Trustwave ECM/MailMarshal Exchange
• Windows Firewall 

Question:

• What settings are required to allow MailMarshal to work with Windows Firewall? 

Information:

When you install MailMarshal server components on a computer with Windows Firewall enabled, you must add exceptions to the Windows Firewall configuration to allow MailMarshal to function correctly. These exceptions allow inbound connections to the MailMarshal components.

The required exceptions depend on the MailMarshal version and the server role.

Notes:

• In the details below, all executables mentioned are found in the MailMarshal installation folder.
• The TCP ports listed are the default values. It is possible to change the ports MailMarshal uses.
• Trustwave does not recommend opening TCP ports 137,138,139 for a computer open to the Internet. If you require remote Configurator access to a computer in this situation, you could use Remote Desktop.
• For additional details of port usage, see Trustwave Knowledge Base article Q10905.

Trustwave MailMarshal (SEG)

Version 10.0 and above:

• All remote user interfaces for MailMarshal (SEG) 10 are web-based. Configurator and Console are no longer used. Allow HTTPS connections (port 443) to the Array Manager server.
• On each email processing server, allow MMReceiver.exe (TCP port 25) and MMController.exe (TCP port 19002). If you are using the MailMarshal POP3 service, allow MMPOP3.exe (TCP port 110).
• On the Array Manager, allow MMArrayManager.exe (TCP port 19001) for connections from processing nodes.

Version 8.X:

• MailMarshal automatically adds required exceptions for the MailMarshal services that are actually installed on a server (but not the File and Printer Sharing service). If you do not need remote access to the Configurator, no further action is required. Un-installing MailMarshal removes the exceptions.
• On each email processing server, allow MMReceiver.exe (TCP port 25) and MMController.exe (TCP port 19002). If you are using the MailMarshal POP3 service, allow MMPOP3.exe (TCP port 110).
• To allow remote connections from the MailMarshal SMTP Console, on the Array Manager server allow MMArrayManager.exe (TCP port 19001).
• To allow remote connections from the MailMarshal SMTP Configurator, on the Array Manager server also allow the default "File and Printer Sharing" service (TCP ports 137,138,139).

MailMarshal Exchange

• Trustwave ECM/MailMarshal Exchange 7.X automatically adds required exceptions for the MailMarshal services that are actually installed on a server (but not the File and Printer Sharing service). If you do not need remote access to the Configurator, no further action is required. Un-installing MailMarshal removes the exceptions.
• On each email processing server, allow MEXController.exe (By default the Controller uses TCP port 19012). 
• To allow remote connections from the MailMarshal Exchange Console, on the Array Manager server allow MEXArrayManager.exe (By default the Array Manager uses TCP port 19011).
• To allow remote connections from the MailMarshal Exchange Configurator, on the Array Manager server also allow the default "File and Printer Sharing" service (TCP ports 137,138,139).
• On the Web Components server, allow HTTP or HTTPS connections on port 81 (web components bind to this port by default to avoid possible conflicts with MailMarshal SMTP Web Components).