
Your Firewall and ListManager

If you have a firewall, you'll need to configure it properly so that ListManager can send and receive mail.

 

Living with a Firewall gives detailed instructions on how to configure your firewall. Ports ListManager Needs Open is a quick reference to the ports ListManager requires.

 

If you need internal mail to be routed in a particular fashion, see Utilities: Administration: Server: Server Settings: DNS Bypass.

 

If you need ListManager to bind to particular IP addresses for SMTP and NNTP, see Utilities: Administration: Sites. If you need ListManager to bind to particular IP addresses for DNS lookups, Tclport, and Global Ban Server, see Utilities: Administration: Server: Server Settings: Machine/Node Settings: IP Addresses.

 

How ListManager Sends Mail

Since its first versions, Lyris ListManager has included an integrated mail server. This mail server engine, which is now in its second major revision, allows ListManager to send at speeds that are very difficult to match with other products, such as Sendmail or qmail. ListManager can relay to these servers, but relaying generally cannot reach the high delivery speeds ListManager obtains with its integrated mail engine.

 

ListManager 6.0h and later has its own DNS resolver built into the product. This resolver allows thousands of domains to be resolved each second, a speed which is difficult to match with other products, but which is required to keep up with ListManager’s high mail sending speeds.

 

Both the mail sending engine and the DNS resolver built into ListManager must communicate directly with servers on the Internet to reach their maximum speed. This requirement creates issues for some customers who want to protect their network with a firewall.

 

What Ports Are Required for ListManager to Send Mail

For ListManager to run at its maximum speed with all of its features, certain ports must be open in the firewall.

 

For mail sending, port 25 must be open in the firewall for TCP network traffic bi-directionally. ListManager must be able to initiate a connection to a server on port 25, and must be able to receive connections on port 25 from servers sending it mail.

 

For resolving DNS requests, the firewall must allow ListManager to send to port 53 using UDP from any high port (1024-65535) on the ListManager machine. The firewall must allow the response to this UDP request to return from the Internet to the same high port on the ListManager server. The ListManager DNS resolver uses UDP only, never TCP, and so no TCP ports need to be open for DNS requests.

 

For clickthrough and clickstream tracking, the firewall must allow access to the ListManager web interface, typically on port 80.

 

For NNTP (MultiView/newsgroup reading), the firewall must allow access on port 119 inbound to ListManager.
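
A pre-install check of the two outbound requirements above (TCP 25, and UDP-only DNS from a high source port), as an added example that is not part of the Lyris documentation; the function names and the placeholder targets `192.0.2.53` and `mail.example.net` are assumptions. Run it from the ListManager host; the inbound ports (25, 80, 119) have to be tested from outside the firewall.

```python
"""Pre-install probe for ListManager's outbound firewall requirements."""
import secrets
import socket
import struct

def build_query(name, qtype=15):
    """Return (query_id, wire-format DNS query); qtype 15 is MX."""
    qid = secrets.randbelow(1 << 16)
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return qid, header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_reply(data, qid):
    """Check that data answers our query and summarise its header."""
    if len(data) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    # TC (0x0200) means the answer did not fit in the UDP reply.
    return {"rcode": flags & 0xF, "answers": answers, "truncated": bool(flags & 0x0200)}

def probe_dns_udp(resolver, name, port=53, timeout=3.0):
    """Send one UDP query from an OS-chosen high port and wait for the reply."""
    qid, packet = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.bind(("", 0))  # ephemeral source port chosen by the OS
        result = {"ok": False, "source_port": sock.getsockname()[1]}
        try:
            sock.sendto(packet, (resolver, port))
            data, _peer = sock.recvfrom(4096)
            result.update(parse_reply(data, qid), ok=True)
        except (OSError, ValueError):  # timeout, ICMP unreachable, bogus reply
            pass
    return result

def probe_tcp(host, port, timeout=3.0):
    """True if an outbound TCP connection to host:port can be established."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":  # placeholder targets: use your resolver and a remote MX
    print("UDP 53:", probe_dns_udp("192.0.2.53", "example.com"))
    print("TCP 25:", probe_tcp("mail.example.net", 25))
```

An `ok` of `False` for the DNS probe while the same resolver answers from inside the network points at the firewall dropping either the outbound query or the reply to the high source port shown in `source_port`.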

 

What if These Ports Can't Be Opened?

Those who want ListManager's speed and full features will need to open these ports. However, there are others who need to enforce strict rules on their firewall that prohibit them from opening these ports.

 

If your company cannot open the ports for email sending and DNS resolution, ListManager can relay mail to another server for actual Internet delivery. As mentioned before, most mail servers cannot keep up with the high speeds at which ListManager can deliver mail. However, if your ListManager license has a low speed limit, the slower speeds of a relay server may not be an issue for you.

 

Additionally, relaying mail reduces ListManager's ability to correctly report delivery statistics or delivery attempt details, since a different server does the actual delivery. When using a relay server, ListManager will report 100% success in delivering the mail, since the relay server should accept all mail provided to it. In reality, the relay mail server is unlikely to be able to deliver 100% of the mail to the Internet, but ListManager cannot report which recipients actually received the mail.

 

Since ListManager does not know about failed delivery attempts, it cannot manage members by removing those who are permanently undeliverable. Normally, ListManager monitors who cannot receive mail and stops delivering to them. Without information about failed deliveries, ListManager will continue to attempt delivery to these addresses, using bandwidth and other resources.

 

Because of these problems, Lyris Technologies strongly recommends that every attempt be made to open these firewall ports, or to put the ListManager server in a DMZ where these ports may be open. However, if corporate firewall rules make doing so impossible, using a relay server is an option for some users.

 

NOTE: If one or more relay hosts are defined, domain connection limits have no effect.

More

 

1. Living with a Firewall

2. Ports ListManager Needs Open