[nflug] Email

Mark Musone mmusone at shatterit.com
Fri Aug 17 10:03:14 EDT 2007 

Instead of virtualization, you should be able to run X copies of your MTA,
each simply binding to a different IP address.

Pretty much same result as virtualization without the overhead (I only
briefly thought of this, so my idea could definitely be off a bit..)

 

Mark

 

 

From: nflug-bounces at nflug.org [mailto:nflug-bounces at nflug.org] On Behalf Of
Robert Meyer
Sent: Friday, August 17, 2007 9:40 AM
To: nflug at nflug.org
Subject: Re: [nflug] Email

 

OK, guys... I cannot redesign the environment.  I am required to follow the
design.  We're replacing an Imail server that holds accounts and provides
relay functions.  The Imail server will be moved to another site and we need
to reconstruct the relay function.  All incoming mail for our clients hits
the relay box and is routed to the appropriate backend server.  This gives
us a troubleshooting point and allows us to potentially do single point spam
and virus detection.  All mail coming from the backend servers hits the
relay before going out.  Again, as a troubleshooting point and for the
potential for spam and virus filtering.  I cannot change the overall design.
I have been requested to find a way to make outgoing mail from different
clients originate from different IP addresses so that if one of the clients
gets put on a spam list, it doesn't hurt all of our clients...  Those are my
constraints.  If I were to be designing this, those of you that know me,
know that I would not have designed it this way.

So far, the only method that I know of to accomplish this is with
virtualization.  I'm looking for ideas.

Cheers!

Bob

----- Original Message ----
From: Darin Perusich <Darin.Perusich at cognigencorp.com>
To: nflug at nflug.org
Sent: Friday, August 17, 2007 9:18:09 AM
Subject: Re: [nflug] Email

Your "extra elbow grease to set up and get familiar with" comment sounds 
like a good reason to me to use another MTA ;-). Why not use Exim, 
Qmail, or Exchange for that matter? Then again everyone has their own 
preference and in the end the same problem needs to be resolved.

Pete Cummings wrote:
> Why not put sendmail in front of the whole mess ? I know it takes some 
> extra elbow grease to set up and get familiar with it, but I've never 
> been at a loss for features.
> Pete
> 
> eric wrote:
>> Starting new sub-thread..
>> Darin, can I ask, what are all the mail packages you use postfix, etc..
>>
>> I'd love an outline or rough draft?
>>
>>
>>
>> Darin Perusich wrote:
>>> Will this machine be an MX server or will it be behind your MX and 
>>> relaying from there? I'm also not understanding your SPAM tagging 
>>> point. Are you concerned about your relay marking mail from the 
>>> domains it's relaying for marking them as SPAM? This is easily 
>>> remedied by setting the following spamassassin rule and included ALL 
>>> of the relaying domains:
>>>
>>> header LOCAL_RCVD Received =~ /.*\(\S+\.cognigencorp\.com\s+\[.*\]\)/
>>> describe LOCAL_RCVD Received from local machine
>>> score LOCAL_RCVD -50
>>>
>>> The only way outgoing mail will be sent from a different IP is using 
>>> some type of virtualization, and why doesn't this even matter? It 
>>> sounds like over complicating the setup.
>>>
>>> You mentioned using Postfix for the MTA, a wise move IMHO ;-). Are 
>>> you planning on using amavisd-new to filter, tag spam, and virus 
>>> check? This is a very typical and efficient setup for relaying for 
>>> multiple domains not to mention straightforward. Your setup is a 
>>> little more complication then what I have setup here but it's pretty 
>>> much the same. If you want more details let me know.
>>>
>>> Robert Meyer wrote:
>>>> OK, before we get into this, remember that this is NOT my design.  
>>>> I'm trying to make the best of what I have here...  Having said that...
>>>>
>>>> We currently have several clients, all using an Imail server 
>>>> (remember, not my design) to handle Email.  We are also routing a 
>>>> few Exchange servers through it.  In essence, all mail coming in for 
>>>> these clients hits a single server that separates the domain names 
>>>> and routes the mail to the backend servers.  We also have some 
>>>> clients that are actually storing their mail on the Imail server.  
>>>> These two functions are going to be separated so that the relay 
>>>> server and the POP/IMAP functions are on different boxes.  The mail 
>>>> servers that I relay for also relay back through the Imail server.  
>>>> The problem is that if one client gets infected with a spam virus or 
>>>> otherwise gets the server tagged as a spam host, it breaks all of 
>>>> the clients that route through that server.  We (actually, they) 
>>>> want to keep the single relay host, because it's good for 
>>>> troubleshooting.  (remember, not my design)
>>>>
>>>> What I need to know is:  Is there any way that I can set up a system 
>>>> that will relay mail from internal mail servers but have the IP 
>>>> address leaving the server be different for each domain.  
>>>> Essentially, I want it to look like each domain is coming from a 
>>>> different server.  We are switching the relay server to CentOS (RHEL 
>>>> clone) and are going to use Postfix for the relay functions.
>>>>
>>>> The only idea that comes to mind is to create multiple virtual 
>>>> servers with VMWare and route each client through a different 
>>>> virtual machine.  I know I can create multiple IP aliases on the 
>>>> machine.  Can I leverage that somehow to get different source 
>>>> addresses for different domains?
>>>>
>>>> Thanks...
>>>>
>>>> Cheers!
>>>>
>>>> Bob
>>>>
>>>>
------------------------------------------------------------------------ 
>>>>
>>>> Moody friends. Drama queens. Your life? Nope! - their life, your story.
>>>> Play Sims Stories at Yahoo! Games. 
>>>> <http://us.rd.yahoo.com/evt=48224/*http://sims.yahoo.com/
<http://us.rd.yahoo.com/evt=48224/*http:/sims.yahoo.com/> >
>>>>
>>>>
>>>>
------------------------------------------------------------------------ 
>>>>
>>>>
>>>> _______________________________________________
>>>> nflug mailing list
>>>> nflug at nflug.org
>>>> http://www.nflug.org/mailman/listinfo/nflug
>>>
>>
>> _______________________________________________
>> nflug mailing list
>> nflug at nflug.org
>> http://www.nflug.org/mailman/listinfo/nflug
>>
> 
> _______________________________________________
> nflug mailing list
> nflug at nflug.org
> http://www.nflug.org/mailman/listinfo/nflug

-- 
Darin Perusich
Unix Systems Administrator
Cognigen Corporation
395 Youngs Rd.
Williamsville, NY 14221
Phone: 716-633-3463
Email: darinper at cognigencorp.com
_______________________________________________
nflug mailing list
nflug at nflug.org
http://www.nflug.org/mailman/listinfo/nflug

 

 

  _____  

Ready for the edge of your seat? Check out
<http://us.rd.yahoo.com/evt=48220/*http:/tv.yahoo.com/>  tonight's top picks
on Yahoo! TV. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.nflug.org/pipermail/nflug/attachments/20070817/bb1fc38c/attachment.html

More information about the nflug mailing list