Firewall Configuration
This document lists the firewall openings needed for a typical GreenArrow installation.
Incoming Firewall Openings
Protocol | Source | Notes |
---|---|---|
SMTP (TCP port 25) | Any | Needed to receive incoming mail, including asynchronous bounces and spam complaints. |
SMTP (TCP port 587) | SMTP clients | Only needed if you’re injecting mail using SMTP from outside your firewall. |
QMQP (TCP port 628) | QMQP clients | Only needed if you’re injecting mail using QMQP from outside your firewall. |
QMQP-streaming (TCP port 629) | QMQP-streaming clients | Only needed if you’re injecting mail using QMQP-streaming from outside your firewall. |
POP3 (TCP port 110) | Any | Only needed if POP clients will connect to GreenArrow Engine from outside your firewall. |
HTTP (TCP port 80) | Any | Only needed if you’re using GreenArrow Studio or GreenArrow Engine’s click, open or unsubscribe tracking features, or accessing GreenArrow’s management interface via HTTP. See the HTTP Server’s “URI Filtering” documentation for information on restricting access by URI prefix. You may use a non-default port for HTTP by updating the /var/hvmail/control/httpd.listen file. |
HTTPS (TCP port 443) | Any | See the HTTP notes above. HTTPS’ TCP port may be customized by updating the /var/hvmail/control/httpd.ssl.listen file. |
SSH (TCP port 22) | 205.159.93.6 | Used for remotely administering your installation. You should also allow 104.196.149.69 if GreenArrow is providing managed backups. |
PostgreSQL (TCP port 5432) | 205.159.93.6 | Used if GreenArrow is providing deliverability consulting. This opening isn’t required, but it does make deliverability consulting more efficient. |
Nagios (TCP port 5666) | 205.159.93.185 | Used if GreenArrow is providing server monitoring. |
All | 127.0.0.1 (localhost) | Some of GreenArrow’s services require communication on localhost. Accepting communications from localhost is required. |
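
The incoming openings above, written as a default-drop ruleset for `iptables-restore`. This is an added example, not GreenArrow's own tooling. The function names, the feature keywords, the client addresses passed in and the DROP policy on INPUT and FORWARD are assumptions; the ports and GreenArrow source addresses come from the table.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the incoming table.
# Ports and GreenArrow addresses are from the table; feature keywords are assumed.
GA_ADMIN=205.159.93.6     # SSH administration and PostgreSQL consulting
GA_BACKUP=104.196.149.69  # SSH for managed backups
GA_NAGIOS=205.159.93.185  # Nagios server monitoring

# rule PORT [SOURCE]: accept new TCP connections to PORT, optionally from SOURCE.
rule() {
    src="${2:+ -s $2}"
    printf '%s\n' "-A INPUT -p tcp$src --dport $1 -m conntrack --ctstate NEW -j ACCEPT"
}

# greenarrow_input_rules [FEATURE...]: always-needed openings plus the chosen ones.
greenarrow_input_rules() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    rule 25              # incoming mail, bounces, spam complaints
    rule 22 "$GA_ADMIN"  # GreenArrow remote administration
    for feature in "$@"; do
        case "$feature" in
            web)              rule 80; rule 443 ;;
            pop3)             rule 110 ;;
            backups)          rule 22 "$GA_BACKUP" ;;
            consulting)       rule 5432 "$GA_ADMIN" ;;
            monitoring)       rule 5666 "$GA_NAGIOS" ;;
            ssh=*)            rule 22 "${feature#*=}" ;;   # your own admin source
            submission=*)     rule 587 "${feature#*=}" ;;
            qmqp=*)           rule 628 "${feature#*=}" ;;
            qmqp-streaming=*) rule 629 "${feature#*=}" ;;
            *) echo "unknown feature: $feature" >&2; return 1 ;;
        esac
    done
    echo 'COMMIT'
}
```

The table lists only GreenArrow's address for SSH, so include your own administration source with `ssh=ADDRESS` and review the printed rules before piping them to `iptables-restore`.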
Outgoing Firewall Openings
We recommend that only advanced system administrators restrict outgoing firewall access. These are the ports that we recommend keeping open on the firewall for outgoing access.
Protocol | Destination | Notes |
---|---|---|
SMTP (TCP port 25) | Any | Needed to send mail. |
DNS (UDP and TCP port 53) | Any | GreenArrow Engine runs its own DNS caching server in order to boost performance. |
SSH (TCP port 22) | 205.159.93.6 | Used for retrieving software updates. |
HTTP and HTTPS (TCP ports 80 and 443) | 205.159.93.175, 205.159.93.173 | 205.159.93.175 is used for software installation and updates. 205.159.93.173 is used for API calls to GreenArrow Monitor. Other openings may be needed during the setup process in order to connect to your Linux distribution’s package repositories. Other openings may be required to use the “download from web page” feature in GreenArrow Studio. |
Other | Connections to any of your systems that GreenArrow will be integrating with. For example, MySQL connections would be made to port 3306. |