meyer_rm at yahoo.com
Fri Aug 17 09:40:07 EDT 2007
OK, guys... I cannot redesign the environment. I am required to follow the design. We're replacing an Imail server that holds accounts and provides relay functions. The Imail server will be moved to another site and we need to reconstruct the relay function. All incoming mail for our clients hits the relay box and is routed to the appropriate backend server. This gives us a troubleshooting point and allows us to potentially do single point spam and virus detection. All mail coming from the backend servers hits the relay before going out. Again, as a troubleshooting point and for the potential for spam and virus filtering. I cannot change the overall design. I have been requested to find a way to make outgoing mail from different clients originate from different IP addresses so that if one of the clients gets put on a spam list, it doesn't hurt all of our clients... Those are my constraints. If I were to be designing this, those of you that
know me, know that I would not have designed it this way.
So far, the only method that I know of to accomplish this is with virtualization. I'm looking for ideas.
----- Original Message ----
From: Darin Perusich <Darin.Perusich at cognigencorp.com>
To: nflug at nflug.org
Sent: Friday, August 17, 2007 9:18:09 AM
Subject: Re: [nflug] Email
Your "extra elbow grease to set up and get familiar with" comment sounds
like a good reason to me to use another MTA ;-). Why not use Exim,
Qmail, or Exchange for that matter? Then again everyone has their own
preference and in the end the same problem needs to be resolved.
Pete Cummings wrote:
> Why not put sendmail in front of the whole mess ? I know it takes some
> extra elbow grease to set up and get familiar with it, but I've never
> been at a loss for features.
> eric wrote:
>> Starting new sub-thread..
>> Darin, can I ask, what are all the mail packages you use postfix, etc..
>> I'd love an outline or rough draft?
>> Darin Perusich wrote:
>>> Will this machine be an MX server or will it be behind your MX and
>>> relaying from there? I'm also not understanding your SPAM tagging
>>> point. Are you concerned about your relay marking mail from the
>>> domains it's relaying for marking them as SPAM? This is easily
>>> remedied by setting the following spamassassin rule and included ALL
>>> of the relaying domains:
>>> header LOCAL_RCVD Received =~ /.*\(\S+\.cognigencorp\.com\s+\[.*\]\)/
>>> describe LOCAL_RCVD Received from local machine
>>> score LOCAL_RCVD -50
>>> The only way outgoing mail will be sent from a different IP is using
>>> some type of virtualization, and why doesn't this even matter? It
>>> sounds like over complicating the setup.
>>> You mentioned using Postfix for the MTA, a wise move IMHO ;-). Are
>>> you planning on using amavisd-new to filter, tag spam, and virus
>>> check? This is a very typical and efficient setup for relaying for
>>> multiple domains not to mention straightforward. Your setup is a
>>> little more complication then what I have setup here but it's pretty
>>> much the same. If you want more details let me know.
>>> Robert Meyer wrote:
>>>> OK, before we get into this, remember that this is NOT my design.
>>>> I'm trying to make the best of what I have here... Having said that...
>>>> We currently have several clients, all using an Imail server
>>>> (remember, not my design) to handle Email. We are also routing a
>>>> few Exchange servers through it. In essence, all mail coming in for
>>>> these clients hits a single server that separates the domain names
>>>> and routes the mail to the backend servers. We also have some
>>>> clients that are actually storing their mail on the Imail server.
>>>> These two functions are going to be separated so that the relay
>>>> server and the POP/IMAP functions are on different boxes. The mail
>>>> servers that I relay for also relay back through the Imail server.
>>>> The problem is that if one client gets infected with a spam virus or
>>>> otherwise gets the server tagged as a spam host, it breaks all of
>>>> the clients that route through that server. We (actually, they)
>>>> want to keep the single relay host, because it's good for
>>>> troubleshooting. (remember, not my design)
>>>> What I need to know is: Is there any way that I can set up a system
>>>> that will relay mail from internal mail servers but have the IP
>>>> address leaving the server be different for each domain.
>>>> Essentially, I want it to look like each domain is coming from a
>>>> different server. We are switching the relay server to CentOS (RHEL
>>>> clone) and are going to use Postfix for the relay functions.
>>>> The only idea that comes to mind is to create multiple virtual
>>>> servers with VMWare and route each client through a different
>>>> virtual machine. I know I can create multiple IP aliases on the
>>>> machine. Can I leverage that somehow to get different source
>>>> addresses for different domains?
>>>> Moody friends. Drama queens. Your life? Nope! - their life, your story.
>>>> Play Sims Stories at Yahoo! Games.
>>>> nflug mailing list
>>>> nflug at nflug.org
>> nflug mailing list
>> nflug at nflug.org
> nflug mailing list
> nflug at nflug.org
Unix Systems Administrator
395 Youngs Rd.
Williamsville, NY 14221
Email: darinper at cognigencorp.com
nflug mailing list
nflug at nflug.org
Shape Yahoo! in your own image. Join our Network Research Panel today! http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nflug