Can the MailMarshal Sender service bind to a specific IP address?


This article applies to:

  • Trustwave MailMarshal (SEG)
    • Note version-specific changes

Question:

  • Can the MailMarshal Sender service bind to a specific IP address?
  • How do I configure MailMarshal to send outbound messages through a specific network adapter?

Reply:

There is a registry or Advanced Settings entry setting to allow the MailMarshal Sender service to bind to a specific IP address.

Typically this would be used on a machine with 2 network cards. If MailMarshal binds to just one of the network cards then it can only send mail out through that network card. This can be used to hide internal IP addresses or to restrict which networks MailMarshal can talk to.

The MMSender service will not start if it is configured to a loopback IP address such as 127.0.0.1 (unless you have also set a port for sending).

Binding for each message is logged to the Sender text log.

MailMarshal 10.X:

The Sender binding can be set for all servers, or for each individual server.
In the Management Console > Advanced Settings:
  • To set the value for all servers, add the entry Sender.SenderBindIP (String) with the IP address as the value
    • For IPv6, use Sender.SenderBindIP6
  • To set the value for a specific server, add the entry Servers.<servername>.SenderBindIP (String) with the IP address as the value
    • For example Servers.MyMMServer.SenderBindIP (String) 1.2.3.4
    • For IPv6, use Servers.<servername>.SenderBindIP6
  • The server name is the name shown in the Mail Servers section of the Management Console
  • Values such as the server name may be case sensitive.
  • Commit configuration. It may be necessary to restart the MMSender service. 

MailMarshal 6.4 through 8.X:

The Sender binding can be set for all servers, or for each individual server.

Note: The Registry value name has changed from earlier versions.

  1. On the Array Manager, edit the Registry
    • For full details of the location for each product version, see article Q10832.
  2. To set the value for all servers, navigate to the appropriate key as described:
    • In version 8.X: HKEY_LOCAL_MACHINE\SOFTWARE\Trustwave\Secure Email Gateway\Default\Sender
  3. To set the value for a specific server, navigate to the appropriate key as described:
    • In version 8.X: HKEY_LOCAL_MACHINE\SOFTWARE\Trustwave\Secure Email Gateway\Servers\<servername>
      for example …\Servers\MyServer
  4. Create a new STRING value and name it SenderBindIP.
    • Specify the value of the new string value to be the IP address that you want to bind to the MMSender service. 
  5. Version 7.2 and above: for IPv6 binding, create a new STRING value and name it SenderBindIP6.
    • Specify the value of the new string value to be the IPv6 address that you want to bind to the MMSender service. 
  6. Commit configuration.
  7. Restart the MMSender service.

 

MailMarshal 6.0 through 6.2:

  1. On the Array Manager, navigate to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Marshal\MailMarshal\Default\Sender
  2. Create a new STRING value and name it BindIP.
  3. Specify the value of the new string value to be the IP address that you want to bind to the MMSender service. 
  4. Commit configuration.
  5. Restart the MMSender service.

  • Prior to version 6.4, if you have configured an array with more than one processing node, DO NOT use this registry entry. The entry applies to all servers and it is not configurable per node.

Warning: Using the Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Trustwave cannot guarantee that problems resulting from the incorrect use of Registry Editor can be resolved. Make sure that you backup your Registry prior to making any changes.

This article was previously published as:
NETIQKB46764

Last Modified 11/23/2021.
https://support.trustwave.com/kb/KnowledgebaseArticle10034.aspx