mailscanner, queue & nfs

Glenn Steen glenn.steen at gmail.com
Tue Mar 18 11:55:26 GMT 2008


On 18/03/2008, Alessandro Dentella <sandro at e-den.it> wrote:
> Thanks Glenn for your suggestions, but I haven't understood some of your
>  hints...
>
That's OK, sometimes I have trouble following my own line of reasoning:-):-)

>
>  > I'm pretty certain it is the "wrong" way to go. Much better to make
>  > the new one act as a GW to the old one, disable MS on the old one,
>  > config/enable MS on the new one... Less risks, less time spent on
>  > solving "the wrong" type of problems.
>
>
>
> not sure what you mean here when you say one box being gw to the other.
>
Simple "sketch":
Prior to change you basically have an SMTP "chain" something like
(very simplistic example):
"Remote host(s)" (possibly <-> "Your perimeter firewall") <-> "Your mailserver"

What you want to do is to "insert" the new mail gateway before your
old mailserver (called mailstore below), so the "chain" looks like:
"Remote host(s)" (possibly <-> "Your perimeter firewall") <-> "mail
gateway" <-> "mailstore"

To make this so, you can do several things:
- For outbound traffic to be made to go through the new box, set
"relayhost = [address.of.gateway]" in main.cf, or use a transport map
like:
yourdomain.com  :
.yourdomain.com :
*                       smtp:[address.of.gateway]

- For inbound traffic, you need to change the public MX records (or
firewall NAT, or ...) so that mail is sent to the new gateway host. On
that host you then have a transport map that points to the mailstore
host, and you enable relaying for the relevant domain(s) perhaps as
simple as "relay_domains = yourdomain.tld" and "relay_recipient_maps =
hash:/etc/postfix/relay_recipients", where the latter is simply a
textfile with all your recipients (one/line, format something like
"user1 at yourdomain.tld 1")... Postmap that, and don't forget the
transport map:
yourdomain.com smtp:[address.of.mailstore]
.yourdomain.com smtp:[address.of.mailstore]

... and you're pretty much set to go. One could use a split view DNS
setup instead, but... we'll go there if needed:-).

With this setup, your new box will be the acting gateway for the old box.
Of course you need to set up and configure a lot more on the new box (more
anti-UCE postfix things, like the things mentioned by Jason... and
me:-)... Most notably MailScanner itself.
On the mailstore, MailScanner shouldn't be needed, unless you really
don't trust your users... Hm. Perhaps best to keep it there too, users
being as they are:-):-).

For more verbose and well-explained examples, please do check the
postfix site... Especially
http://www.postfix.org/STANDARD_CONFIGURATION_README.html has some
really relevant and nicely explained examples... I think it's pretty
obvious which apply:).

>
>  > Simpler to set things up on the new one (PF and MS in "relay mode":-),
>
>
> isn't 'relay mode' when you have more than one MailScanner installations?
>  ('Check Watermarks To Skip Spam Checks')
>
See above. What I meant has nothing really to do with MailScanner:-).

>
>  > then just futs your MX records to "slide" it in before the old one,
>
>
> "futs"? (not sure what that means) I guess forwarding the port would work
>  equally well, but how can I configure postfix to finally deliver (cleaned)
>  mails to the old box? (I guess this is the gw setup...)
Futs... To change in a normal fat-fingering way:-). At least what I
mean here... Sorry for the obtuseness.
For the rest.... well, see above for a start.

>  a link to the gateway configuration would also be appreciated.
>
>  Thanks again
>
> sandro
>

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
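
A pre-cutover sanity check for the gateway setup described in the message above, as an added example that is not part of the original post: it cross-checks the gateway's relay_domains, relay_recipients and transport map so that a mismatch is caught before the MX is moved. The file contents are constructed samples built from the thread's placeholder names (with addresses written using "@"), and the function names are hypothetical.

```python
import re

# Constructed sample inputs for the gateway, using the thread's placeholder names.
RELAY_DOMAINS = "yourdomain.tld"                      # relay_domains in main.cf
RELAY_RECIPIENTS = """\
user1@yourdomain.tld  1
user2@yourdomain.com  1
"""
TRANSPORT = """\
yourdomain.com   smtp:[address.of.mailstore]
.yourdomain.com  smtp:[address.of.mailstore]
"""

def parse_map(text):
    """Parse 'key value' lines of a Postfix table source (continuation lines not handled)."""
    table = {}
    for line in text.splitlines():
        fields = line.strip().split(None, 1)
        if fields and not fields[0].startswith("#"):
            table[fields[0].lower()] = fields[1].strip() if len(fields) > 1 else ""
    return table

def route_for(domain, transport):
    """Approximate transport(5) domain lookup: exact key, then .parent keys, then '*'."""
    labels = domain.lower().split(".")
    keys = [domain.lower()] + ["." + ".".join(labels[i:]) for i in range(1, len(labels))] + ["*"]
    return next((transport[k] for k in keys if k in transport), None)

def check(relay_domains, recipients_text, transport_text):
    """Return a list of problems that would bounce, misroute or loop relayed mail."""
    domains = [d.lower() for d in re.split(r"[,\s]+", relay_domains) if d]
    recipients, transport = parse_map(recipients_text), parse_map(transport_text)
    problems = []
    for d in domains:
        # Without a transport entry the gateway falls back to DNS for this domain.
        if route_for(d, transport) is None:
            problems.append(f"no transport entry for relay domain {d}")
    for rcpt in recipients:
        dom = rcpt.rpartition("@")[2]
        # relay_domains also matches subdomains by default (parent_domain_matches_subdomains)
        if not any(dom == d or dom.endswith("." + d) for d in domains):
            problems.append(f"recipient {rcpt} is outside relay_domains")
    return problems

if __name__ == "__main__":
    for problem in check(RELAY_DOMAINS, RELAY_RECIPIENTS, TRANSPORT):
        print("WARN:", problem)
```

An empty result means every relayed domain has an explicit next hop to the mailstore and every listed recipient falls inside a relayed domain.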

