Networking and connectivity details for the SendPro MailCenter
If you have extensive network security restrictions, your IT or network administrator may need these specifications to prepare for the installation.
Is it secure?
Yes, the system has been approved by AEGISOLVE, a company specializing in custom evaluation and certification testing services for information technology products. Download the full report.
URL Information
The following URLs must be accessible from the SendPro MailCenter system, without any obstructions. It is strongly recommended that the firewall reference the URL rather than IP address, which can change over time.
Required URLs
- SendPro MailCenter Network Linux Proxy Test - Built in tool that pings select PB servers for connectivity testing. Used by PB Service (Resides on Linux Desktop).
- Network Test:
- Domain www.google.com
- 72.14.253.104
- 74.125.230.81
- 74.125.230.82
- 74.125.230.83
- 74.125.230.84
- 74.125.230.80
- Network Test:
- SUSE Linux Proxy Test
- Domain ftp.novell.com
- IP = 130.57.1.88
- Domain ftp.novell.com
- Distributor & Comet
- Distributor - Main PB Server that authenticates machine for access to other PB web services.
- Domain distservp1.pb.com
- Domain proddistributercloud.pb.com (Port 443)
- Domain comet2.ct.pb.com
- Cometservd1.pb.com
- 199.231.44.31
- 199.231.45.46
- Distributor - Main PB Server that authenticates machine for access to other PB web services.
- Rates and Updates (Download Services) - Downloads, new software, graphics, rate price data etc.
- Domain pbgdspp1.pb.com
- 199.231.44.222
- 199.231.44.148
- 199.231.45.41
- 199.231.45.35
- ClamAV:
- Domain clamserver.pb.com
- 199.231.45.165
- 199.231.44.54
- 199.231.33.54
- 199.231.35.165
- Error log uploads:
- Domain pbdlsp1.pb.com
- 199.231.44.30
- 199.231.45.38
- Configuration web page:
- Domain MyMS1Configuration.pb.com
- 199.231.44.166
- OS Updates:
- Domain SMT.pb.com
- 199.231.44.54
- 199.231.35.165
- Manage Accounts (Accounting Web App) - Separate PB Server that manages Accounting including Account Creation, Reports etc.
- Domain ms1app.pb.com
- 199.231.32.67
- On Line Help - This is the online support website.
- Buy Ink Express - Allows direct access to ink ordering page
- Health and Ink Upload - Machine Health Information upload
- Verify Address (address cleansing) - Utility website to validate addresses against USPS database
- Your Account (PB.com) - Utility website to access your account on PB.com.
- Presort Savings and Services - Utility website to manage Discounts & Presorting.
- Buy Supplies - Utility website to order supplies
- SendPro - Newest package shipping application.
- SendSuite Tracking - SendSuite Tracking application.
- Apps & Tools - Utility website for additional applications and tools.
- Domain: www.pb.com
- Domain: www.pitneybowes.com
- Domain: login2pm.pitneybowes.com
- 199.231.33.6
- 199.231.44.12
Optional Firewall exceptions (enabled by default)
- Domain http://www.google.com/analytics
- 209.85.128.000
- 209.85.227.101
- 209.85.227.113
- Track a Package - Carrier independent web tracking site for packages.
- http://pb.boxoh.com/
- Domain pb.boxoh.com
- 72.47.250.186
- http://pb.boxoh.com/
TeamViewer
TeamViewer is used by service and sales for remote diagnostics and training. A TeamViewer session can only be initiated by someone on the customer end and therefore the system cannot be accessed without the customers knowledge. All communication from the Connect+, SendPro P system to the back end system is in the form of XML messages.
There are two options to unblock Teamviewer:
- General unlocking of Port 5938 TCP for outgoing connections (recommended). Port 5938 is only used by a few programs and therefore is no security risk. This traffic should then neither be filtered or cached.
- Unlocking of URLs of the following formats (to any Server)
- GET /din.aspx?s=…&client=DynGate…
- GET /dout.aspx?s=…&client=DynGate…
- POST /dout.aspx?s=…&client=DynGate…
Regardless of which method is chosen to unblock TeamViewer, also check that no content filter or similar is blocking one of the following URLs:
- *.teamviewer.com
- *.dyngate.com
Ports and communication requirements
- All communication is initiated from the SendPro MailCenter system via ports 80 (HTTP) and 443 (HTTPS).
- All communication from the SendPro MailCenter system to the back end system is in the form of XML messages.
Port 80 (HTTP)
- OS Update, AV Updates, Web Services, TeamViewer
Port 443 (HTTPS)
- Requests to refill or audit its PSD (Postal Security Device) based on a low funds or inspection date. Audits occur if the PSD inspection date has expired.
- During initial install, the system will automatically request an Operational Block, from the infrastructure, for the PSD.
- On PSD replacement the System will automatically request the configuration data for the replacement PSD.
- Transaction Records from the SendPro MailCenter system are automatically uploaded when:
- The system goes into sleep mode.
- While powering down the system.
- Activating web accounting services.
- Uploading postal information.
- On power up the system refreshes the web service (checks for Software, Rates and Graphic Updates. It will also contact Supplies, My Account, Tracking etc.) configuration data.
Port 53
- DNS lookup
If your IT department uses a rules-based method for allowing specific ports to pass traffic on their network for port 53, you must allow both UDP and TCP traffic to this port. Port 53 listens for DNS requests and may respond on either protocol, based on the type of request it receives. Short responses should come in over UDP. Longer, more detailed responses on TCP.
Advanced Network Requirements
- The SendPro MailCenter system will require a high-speed network connection.
- The SendPro MailCenter system will initiate all communication.
- The SendPro MailCenter system will initiate all communication (via HTTP or HTTPS), so it can safely sit behind most corporate firewalls.
- The SendPro MailCenter system will communicate to external Web Services via HTTP over Port 80.
- The SendPro MailCenter system will communicate to PB secure server(s) via HTTPS over port 443.
- The SendPro MailCenter system will use Port 53 for DNS lookup.
- Pitney Bowes requires a minimum network bandwidth of 384 kbps (upstream and downstream) to operate, but we recommend 1 Mbit/sec for best performance.
- It is recommended that 3G modem devices are not shared across multiple SendPro MailCenter systems.
- Customer owned web filtering devices or software, as well as SSL packet inspection should be disabled for these ports as they can affect performance.
- The wired Ethernet port supports 1 Gb/sec connections.
UPDATED: May 08, 2024