Port numbers

Assuming a default configuration, the following inbound ports are required (depending on which services you want to make publicly available). All ports are TCP, unless otherwise mentioned.

MDaemon
25, Inbound and Outbound – ESMTP
53, Outbound – DNS (note that return packets are required)
110, Inbound and Outbound – POP3 and MultiPOP
143, Inbound – IMAP4
366, Inbound and Outbound – ODMR (ATRN, alternate ESMTP port)
465, Inbound – SSL SMTP
587, Inbound – ESMTP MSA (Mail Submission Agent — Have your mail cilents deliver here rather then 25 to avoid ISP firewalls
993, Inbound – SSL IMAP4
995, Inbound and Outbound – SSL POP3
4069 UDP, Inbound and Outbound – Minger

Even if you intend on enforcing encrypted connections, the unencrypted ports should be left active as the STARTTLS command starts a connection unencrypted and later adds encryption.

WorldClient, SyncML, ActiveSync, WebDAV, and possibly more
3000, Inbound – HTTP
80, Inbound – HTTP
443, Inbound – HTTPS

If nothing else on your server listens on port 80 and 443, it is highly recommended to assign these ports to WorldClient. It is required for ActiveSync’s AutoDiscovery, and for some older ActiveSync clients to connect.

WebAdmin
1000, Inbound – WebAdmin’s webserver

BES
3101, Outbound – BES services

SpamAssassin
80, Outbound – SA-Update

SecurityPlus/Outbreak Protection
21, Outbound – FTP for virus definitions updates
80, Outbound – HTTP for virus definitions updates and Outbreak Protection

If you are using a software firewall, you should ensure that the following processes have unrestricted inbound and outbound access: MDaemon.exe, WorldClient.exe, WebAdmin.exe, MDSpamD.exe, AVUpdate.exe

Finally, note that various parts of MDaemon interact using sockets to localhost IP addresses, so if you use a software firewall, you should not block any traffic to/from 127.0.0.1. This includes SpamAssassin, WorldClient, BES and other features.

MDaemon Support Bulletin – MD061915

Alt-N has released MDaemon 15.0.3, 14.5.4, 14.0.4, 13.5.4, as well as patches for MDaemon 12.5, 12.0, 11.0 to correct a critical security vulnerability. I would highly recommend installing the latest bits as soon as is possible. While I don’t know all the details, be aware that the content filter processes all messages, therefore the vulnerability can likely be remotely exploited.

Read MDaemon Security Bulletin – MD061915 for more details, then get your server patched!

MDaemon security vulnerability (MD051314)

The announcement from Alt-N is as follows:

MDaemon 14.0.1 fixes a critical security vulnerability in WorldClient. Versions going back to 13.0.0 are affected, so we’ve also released updates for them (13.6.3, 13.5.3, and 13.0.6).

More information and download links can be found here:
http://www.altn.com/Support/SecurityUpdate/MD051314_MDaemon_EN/

If you’re running MDaemon 13 or MDaemon 14 of any flavour, update to 14.0.1 if you’re upgrade protection permits, or if not, upgrade to 13.6.3, 13.5.3, 13.0.6 as soon as possible.