Configure your Firewall
The archive needs secure POP3 access to your messaging server in order to retrieve data on a regular basis. The archive uses SSL to ensure no data is sent in clear text, and all data is stored encrypted with a unique encryption key.
If you already allow external POP3 access to your mail server through your firewall then you can skip this section. Otherwise please gather the following information to continue configuring your firewall.
1. Mail server internal IP address
(typically in the range of 10.1... or 192.1...)
2. POP3 port (typically this is 110 or 995)
For this exercise let's assume your internal mail server POP3 port setting is 110 and its private IP is 10.1.1.5 and you you have one public IP, which is 220.127.116.11.
Follow the steps below to create a simple firewall rule to allow the data collectors to access your email servers.
1. Login to your firewall admin
interface. This is typically a web-based application.
2. Select the Port Forwarding or Rules section. This could be in the advanced configuration menu.
3. Create a POP3 port forwarding rule. This rule will forward external POP3 traffic from your public IP address to your mail server's private (internal) address. Only POP3 port activity will be able to use this access, and you can also restrict to SSL-only traffic if your firewall has the capability.
4. Enter the public POP3 port number you want to use. This can be any port number that is not already in use on your network. You will need to remember this number later in the archive configuration process. For example: Use "54321" since it is a unique number. 4. The rule should forward both TCP and UDP packets.
5. The end result is a port forwarding rule that forwards publicly available 18.104.22.168:54321 to your private 10.1.1.5:143.
6. Repeat port forwarding rules for all your mail servers that will need to be accessed for archiving.
For the current list of IP address ranges to lock down you firewall, please contact your archive service provider.