Port numbers

Assuming a default configuration, the following inbound ports are required (depending on which services you want to make publicly available). All ports are TCP, unless otherwise mentioned.

25, Inbound and Outbound – ESMTP
53, Outbound – DNS (note that return packets are required)
110, Inbound and Outbound – POP3 and MultiPOP
143, Inbound – IMAP4
366, Inbound and Outbound – ODMR (ATRN, alternate ESMTP port)
465, Inbound – SSL SMTP
587, Inbound – ESMTP MSA (Mail Submission Agent — Have your mail cilents deliver here rather then 25 to avoid ISP firewalls
993, Inbound – SSL IMAP4
995, Inbound and Outbound – SSL POP3
4069 UDP, Inbound and Outbound – Minger

Even if you intend on enforcing encrypted connections, the unencrypted ports should be left active as the STARTTLS command starts a connection unencrypted and later adds encryption.

WorldClient, SyncML, ActiveSync, WebDAV, and possibly more
3000, Inbound – HTTP
80, Inbound – HTTP
443, Inbound – HTTPS

If nothing else on your server listens on port 80 and 443, it is highly recommended to assign these ports to WorldClient. It is required for ActiveSync’s AutoDiscovery, and for some older ActiveSync clients to connect.

1000, Inbound – WebAdmin’s webserver

3101, Outbound – BES services

80, Outbound – SA-Update

SecurityPlus/Outbreak Protection
21, Outbound – FTP for virus definitions updates
80, Outbound – HTTP for virus definitions updates and Outbreak Protection

If you are using a software firewall, you should ensure that the following processes have unrestricted inbound and outbound access: MDaemon.exe, WorldClient.exe, WebAdmin.exe, MDSpamD.exe, AVUpdate.exe

Finally, note that various parts of MDaemon interact using sockets to localhost IP addresses, so if you use a software firewall, you should not block any traffic to/from This includes SpamAssassin, WorldClient, BES and other features.

Notify an administrator upon account creation

Have you ever wanted to run an external task or notify an administrator or similar when a new user has been created in MDaemon? This is actually possible via a content filter rule in MDaemon.

The content filter is found within the MDaemon GUI under Security | Content Filter, but it’s sometimes easier to modify the cfrules.dat to recreate a complicated rule. The cfrules.dat file is located within the \MDaemon\APP directory and can be modified using plain-text a editor, but please take a backup of this file first!

RuleName=Take action on new user welcome message
Condition01=X-Actual-From|starts with|AND|[email protected]|
Condition02=SUBJECT|contains|OR|Welcome to MDaemon!|Welcome to the email system|Email account information|
Condition03=X-Welcome-Message|does not exist|AND|
Action01=add header|"X-Welcome-Message","True"
Action02=copy to|"[email protected]"

Feel free to paste this to the bottom of your cfrules.dat file, save, and you can modify it within the content filter editor within the MDaemon GUI. Note that the rule will not be activated until you open the Content Filter and enable it.

If you’re asking yourself why there is a X-Welcome-Message header being created, it’s simple: If your action included sending an email to an external account that was forwarded back into MDaemon, you’d end up with a loop. By using a custom header, we can avoid that loop.

Lastly, verify that you have the option checked in MDaemon for ‘System generated messages are sent through the content and spam filters’ within MDaemon under Setup | Preferences | Miscellaneous.

While the rule in it’s current form is intended to copy the new-user message to a specific account, you can also run an external script or use other Content Filter actions instead.

Upgrading without a reboot

Do you enjoy rebooting your server? If not, have you ever wondered why MDaemon’s installer asks you to reboot after upgrading?

If MDaemon’s installer does ask you to reboot, please do reboot. You won’t be prompted for a reboot unless either MDaemon was unable to update all files OR another previous installer left files pending for a reboot. MDaemon won’t ask for a reboot unless it’s needed!

If you want to find out which files MDaemon’s installer was unable to update, take a look for the excellent WhyReboot tool. WhyReboot will attempt to show the pending file renames, deletes, and other operations scheduled to occur on the next reboot. If any of these are MDaemon related, do not start MDaemon until you reboot.

In many cases you can also avoid rebooting entirely if you shut down a few services before upgrading MDaemon. Not all of these apply to every installation, but you’ll want to look at some or all of the following items:

If you run under IIS, stop both the IIS website and Application Pool(s).
Stop the MDaemon service. Yes, the installer will try to do this for you, do it anyway.
Stop the MDaemon Remote Administration service. Yes, the installer will try to do this for you, do it anyway. Also, stop SecurityPlus’ tray tray icon, if running.

Depending on your configuration, you may also need to stop the Windows Management Instrumentation service, and Windows Event Log service, although these only need to be stopped if you use these features in MDaemon, if not, you can also disable the applicable features in MDaemon.

Finally, at the conclusion of the installation process, consider what services need to be started. MDaemon’s installer will start MDaemon and MDaemon Remote Administration, but any other services you shut down will need to be restarted manually.