Koozali.org: home of the SME Server

Firewall Ports you need to open in server-only mode

delineate

« on: March 02, 2006, 07:08:18 AM »
This is just a note for those who have their sme7.0 behind a firewall.
It's a good idea to allow SME access out on port 2703 if you are running with spam filtering enabled. It's needed by the razor spam engine. Another good one is 53 for spamd reverse black list DNS lookups, even if your firewall runs DNS cache as well.
Any other obscure ports out there we should know about?
Cheers!

kruhm

« Reply #1 on: March 04, 2006, 01:54:57 PM »
You must have a high-grade firewall, as most firewalls don't block outgoing traffic.

You might want to add port 7 (echo), as Razor2 uses TCP pings to discover what servers are closest to it (from knuddi's FAQ).

delineate

« Reply #2 on: March 04, 2006, 05:57:42 PM »
Thanks.
I have it set up for a grade school. Am using a custom OpenBSD firewall w/ a DansGuardian content filter. So yeah, I have *everything* blocked except what is specifically allowed. Makes Windows Update kind of a PITA :oops:
I've noticed ClamAV updates are getting blocked - have to look into that one yet.

kruhm

« Reply #3 on: March 04, 2006, 07:11:47 PM »
# Probably the DG. Check the logs at:

cat /var/log/dansguardian/access.log

# It will tell you what site/content is being blocked.
# Then add the site to the /etc/dansguardian/exceptionsitelist
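
The log check described in Reply #3, as an added example that is not part of the original thread: it tallies the hosts DansGuardian denied, optionally only for one client such as the SME server, to produce candidates for the exception list. It assumes the access log marks blocked requests with `*DENIED*` and carries the client IP and URL as whitespace-separated fields; the sample lines and the address 192.168.1.2 are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes DansGuardian's access.log marks
# blocked requests with *DENIED* and that the client IP and the requested URL
# are whitespace-separated fields on the same line.

# denied_hosts [CLIENT_IP] < access.log
# Prints "count host" for each host with denied requests, most-blocked first.
# With CLIENT_IP, only requests from that client (e.g. the SME server) count.
denied_hosts() {
    awk -v client="${1:-}" '
        /\*DENIED\*/ {
            host = ""
            from_client = (client == "")
            for (i = 1; i <= NF; i++) {
                if ($i == client) from_client = 1
                if (host == "" && $i ~ "^https?://") {
                    host = $i
                    sub("^https?://", "", host)   # drop the scheme
                    sub("[/:?].*$", "", host)     # drop port, path and query
                }
            }
            if (from_client && host != "") count[tolower(host)]++
        }
        END { for (h in count) print count[h], h }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample log lines (not real traffic); 192.168.1.2 stands in
# for the SME server, 192.168.1.40 for a workstation.
sample_log() {
cat <<'EOF'
2006.3.4 19:05:01 - 192.168.1.2 http://database.clamav.net/daily.cvd *DENIED* Banned site: clamav.net GET 0
2006.3.4 19:05:09 - 192.168.1.2 http://database.clamav.net/main.cvd *DENIED* Banned site: clamav.net GET 0
2006.3.4 19:06:12 - 192.168.1.40 http://www.example.com/ GET 5120
2006.3.4 19:07:30 - 192.168.1.40 http://games.example.org/play *DENIED* Banned site: games.example.org GET 0
EOF
}

# Demo: hosts the filter denied to the SME server only.
sample_log | denied_hosts 192.168.1.2
```

On a live system the equivalent call is `denied_hosts 192.168.1.2 < /var/log/dansguardian/access.log`; review each host before adding it to /etc/dansguardian/exceptionsitelist.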