URL | From Server | Purpose | More Info |
HTTP (port 80) to all locations, including (but not limited to) HTTP://crl3.digicert.com HTTP://crl4.digicert.com HTTP://o.lencr.org Note: For correct operation of TLS, the Controller service on all processing nodes must have access to HTTP port 80 without restriction. TLS certificate revocation lists are published over HTTP and there is no definite list of URLs. | All | HTTPS Certificate Checking | Q12992 |
HTTPS://mailmarshal.licensing.marshal.com | Array Manager | Licensing IP Reputation Service credential | Q12992 |
HTTP://www.marshal.com HTTPS://www.marshal.com | Array Manager | SpamCensor and processing module updates | Q12992 |
HTTPS://cdn-updates.marshal.com This URL is hosted on Microsoft Azure CDN. IP addresses may change. IP addresses can be retrieved using the "Front Door" tag in Microsoft Azure IP Ranges and Service Tags. | Array Manager | SpamCensor and processing module updates (Azure CDN) NEW | Q12992 |
HTTP://sigupdates.marshal.com HTTPS://sigupdates.marshal.com HTTP://pki.cloudmark.com/ HTTPS://pki.cloudmark.com/ HTTP://lvc.cloudmark.com/ HTTPS://lvc.cloudmark.com/ HTTP://tracks.cloudmark.com/ HTTPS://tracks.cloudmark.com/ HTTPS access to the following network range: 208.83.136.0/22 | Processing Nodes | SpamProfiler Note: As of February 2024, HTTPS is the default protocol. If you use a proxy server that inspects HTTPS content (such as WebMarshal), you should bypass the proxy for these URLs. SpamProfiler licensing and updates will fail if proxy SSL certificates are used. | Q12992 |
HTTP://scanmail.trustwave.com HTTPS://scanmail.trustwave.com (These URLs may redirect or resolve to different IP addresses) | User's workstation | Blended Threat Service URL check | Q12992 |
HTTPS://stats.scanmail.trustwave.com | Array Manager | Blended Threat Service statistics retrieval | Q12992 |
HTTP://urlcategorizer.seg.trustwave.com | Processing Nodes | URL Categorizer URL check Note: this service has multiple geographically distributed instances. MailMarshal installations use the best instance based on geography and latency. | Q12992 |
HTTP://sophos.marshal.com HTTPS://sophos.marshal.com | Processing Nodes | Sophos for Marshal Engine and IDE updates (if installed). - HTTPS required from SfM version 1.1.
- Note that the LiveProtection service (present in version 1.1 and above) performs DNS-based queries and must have access to a DNS server that can query the Sophos DNS servers.
| Q11906 |
HTTP://mcafee.marshal.com HTTPS://mcafee.marshal.com | Processing Nodes | McAfee for Marshal Engine updates (if installed). - HTTPS required from MfM version 1.1.
| Q11360 |
HTTP://update.nai.com/ | Processing Nodes | McAfee for Marshal definition file updates (if installed) | Q11360 |
HTTPS://bitdefender.marshal.com HTTPS://agent-av-mirror.trustwave.com | Processing Nodes | Bitdefender for Marshal Engine and signature updates (if installed) | Q20561 |
HTTP://activations.marshal.com/ HTTPS://activations.marshal.com/ | SPE MIA server or Maintenance Agent/Web Console server | SPE licensing and Connector Agent updates | Q12161 |