MailScanner ANNOUNCE: New commercial product SMGateway

John Rudd jrudd at UCSC.EDU
Wed Mar 2 22:01:45 GMT 2005 

On Mar 2, 2005, at 13:06, Mike Bacher wrote:

> John Rudd wrote:
>> On Mar 2, 2005, at 6:29 AM, Julian Field wrote:
>>
>>> We are pleased to announce SMGateway, the first Secure Mail Gateway
>>> product from Fortress Systems Ltd.
>>
>>
>> - Active Directory Authentication?  What about Kerberos?  (POP/IMAP is
>> good enough for us (since those check against our Kerberos pass
>> phrases), but I'm curious if you're doing AD via LDAP, or AD via
>> Kerberos, or some other aspect of AD authentication I'm not aware of
>> ... and if you're doing it via AD's LDAP functionality, I wonder why
>> you didn't also list LDAP authentication in the blurb)
>
> Recipient checking is available via LDAP and milter-ahead (basically,
> it opens a
> persistent SMTP channel to the mailhub and does RCPT TO's, with some
> intelligent caching)

So, what exactly is milter-ahead?  Is this just a few checks that are
done as part of a milter, or is this doing the full mailscanner
implementation in a milter?

(and, what we do now is distribute an aliases file to each of our
sendmail boxes, and those are how we get valid vs not-valid address
support for our scanning boxes; the file is automated generated every
few hours, and the sendmail boxes also periodically/automatically
import it; part of this is a legacy issue and part of it is because our
older mailing list system uses the aliases file for lists)

Do domains have default forwards?  It might be interesting to say that
the default forward for a given domain is to send it to mailhub A, and
the default domain to send it to for a second domain is mailhub B, but
not allow users to over-ride that, and yet still have this recipient
checking going on to insure that the end address is valid.

(our existing mechanisms is that our athena based account management
system manages the aliases file, both for mailing lists and user
forwards; that information also gets extracted and incorporated into
communigate pro's "redirect" option; users can manage either of them,
but we're planning to retire the athena stuff, so the authoritative
location will be the end mail hub, not the scanning hosts, so what we
want the scanning hosts to do is just send it all to the mailhub.  But,
it has to be the right mailhub for that domain, and it has to be
rejecting invalid addresses at the front door.  Our existing plan had
been to just munge the aliases file, but if SMGateway has domain
defaults for that kind of thing, then that allows us to eliminate that
piece)


>> - Redhat only?  No Solaris support?  Any Solaris support planned?
>
> The biggest (and really the only) barrier to using it on other
> platforms is the fact that
> the product is totally RPM based.  I would love to be able to run it
> on FreeBSD as that is
> what we run our MailScanner machines on now, but it would require some
> work to get things
> going.

Hm.  So, does that mean that if you move toward supporting Solaris you
would:

a) require the customer to have RPM on Solaris? (we used to do all of a
bunch of internal solaris packaging with rpm's at Cygnus)

b) support Solaris pkg's?

c) come up with a tar based distribution?

(I think any of those is fine, just curious what direction you might go)

>> - Also, we use an array of machines to do our mailscanner work right
>> now.  Does SMGateway support this (Ie. users only have to set their
>> options on one machine, instead of having to touch all 4 of them?).
>> My
>> impression is that because you're using MailWatch, which I thought
>> uses
>> mysql for various things, then it might be possible to put the mysql
>> database on a separate machine, and thus have multiple work-horse
>> machines that all use 1 configuration database.  Is that an
>> appropriate/accurate assumption?
>
> That would require SMCluster, which isn't out yet.. (we have the same
> config, and need it too)
>

How long until it's out (ball park).  We can probably eval the
stand-alone version without any problem, but when we go to deployment,
we'll most definitely need the clustering support.


Oh, one other thing: what other parts of the mail system are you going
to support?  For example, if we have problems with the domain stuff in
sendmail, are you going to support that, or just the domain parts of
SMGateway/SMCluster?  If we had questions and stuff about SSL and
SMTP-Auth, and doing the same exact user authentication as we're doing
for the web configuration stuff (ex. proxy it off to the IMAP server),
would you have help/information/etc. around that?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list