Mailscanner initial Setup help
Graham S. Jarvis
gsjarvis at pt.lu
Thu Dec 8 19:09:26 UTC 2016
I've "been there" and just running a MailScanner (our spamassassin and clamav)
on mydomain.tld would be enough - but this rather negates the idea of using a
central hub......
Setting up mydomain.tld to only accept mail from mailscanner.anotherdomain.tld
would mean that you have a problem if mailscanner.anotherdomain.tld goes down.
Some senders don't keep trying for 5 days and you'd loose mail if you didn't
notice and get a (already configured) solution on-line very quickly.
(I've been there too....) :(
For me, one of the advantages of running via MX records is the failover.
Running a separate mail host means that you can plan things so that the end-user
doesn't notice or loose mail if you move from one host (or ISP) to another.
DNS propagation times can be a real headache for multinational mail sources......
If you don't have to move hosts around that often it's not a problem - make sure
that your ISP keeps giving you DNS access though.
Whatever you do, you still need a good backup as a way of getting a machine (the
hub) up and running quickly in case of hardware failure though.
I still have a load of questions about this whole idea because there's the issue
of the Sender Policy Framework (SPF) records - which is important if you are
using the MailScanner "hub" to scan outgoing mail as well......
For me this is still "work in progress" ;)
-Graham-
Manuel Kälin wrote on 2016-12-08 18:02:
> Hi
>
> This could be solved with a 2nd mailscanner as 2nd mx and change mydomain.tld
> Server that it accepts just from the mailscanner server.
> Or am i missing something?
>
> Manuel
>
>
> ----- Ursprüngliche Nachricht -----
> Von:
> "MailScanner Discussion" <mailscanner at lists.mailscanner.info>
>
> An:
> "MailScanner Discussion" <mailscanner at lists.mailscanner.info>
> Cc:
>
> Gesendet:
> Thu, 8 Dec 2016 17:38:02 +0100
> Betreff:
> Re: Mailscanner initial Setup help
>
>
> Hello everybody,
>
> this is exactly how we have our set-up - should we write some
> documentation and
> try to get it added to the MailScanner docs on the web site?
>
> - It's actually more DNS and PostFix/Sendmail set-up issue than
> MailScanner but
> I always thought that the MailScanner site would be a good place to
> centralise
> this information because it's going to be a "standard" requirement.
>
> Here's the concept:
>
> The domain is "mydomain.tld" and this IP_Addr is running a web and e-mail
> server
> (etc.,etc., etc.)
>
> We want to set up a separate host to act as a mail "hub" with MailScanner
> (spam
> and virus) which scans the mail before passing it onto "mydomain.tld".
>
> For the purposes of this exercise let's call this "mailscanner hub" host :
> "mailscanner.anotherdomain.tld"
>
> So,
> In order that mail for mydomain.tld is first sent to
> "mailscanner.anotherdomain.tld" we have to have access to the DNS - MX
> records
> for "mydomain,tld"
> We set-up two MX records:
> mydomain.tld MX10 mailscanner.anotherdomain.tld.
> mydomain.tld MX20 mydomain.tld.
>
> This makes sure that if there's a problem with our "mailscanner hub" mail
> still
> gets through....
>
> Don't forget that anotherdomain.tld is also going to accept e-mail via
> it's own
> MX records AND that mailscanner.anotherdomain.tld should be pointed to by an
> A-record and should NOT be a CNAME.
>
> Now, on mailscanner.anotherdomain.tld
> - we set up the mail server (my experience is with Sendmail and Postfix)
> - we set up Mailscanner
> and we test that it all works for mail going to anotherdomain.tld
>
> Then we set up Sendmail or Postfix to forward non-local mail to "mydomain.tld"
>
> From experience, the problem with this concept is the spammers who ignore the
> dns and send directly to the smtp server at "domain.tld".
> And, this is where someone else could help out with a good solution that
> doesn't
> mean installing another mailscanner on "domain.tld"
>
> Does this sound about right?
>
> -Graham-
>
> PS: there are a couple of other tools needed of course - maildrop and
> MailWatch
>
>
>
> Manuel Kälin wrote on 2016-12-08 16:13:
> > Hi
> >
> > Yes, we need this second solution with incoming and outgoing direct trom the
> > final hosts.
> > Have you set this up with postfix and how did you forward the mails? As
> files or
> > something like smarthost?
> >
> > Manuel
> >
> >
> > ----- Ursprüngliche Nachricht -----
> > Von:
> > "MailScanner Discussion" <mailscanner at lists.mailscanner.info>
> >
> > An:
> > "MailScanner Discussion" <mailscanner at lists.mailscanner.info>
> > Cc:
> >
> > Gesendet:
> > Thu, 8 Dec 2016 10:03:38 -0500
> > Betreff:
> > Re: Mailscanner initial Setup help
> >
> >
> > That's my solution as well. All the mail comes in to the central
> > scanning server and is then forwarded on to the final destinations. The
> > model where the final delivery servers receive the mail, forward it to a
> > central scanner, and then receive the results, is much harder to set up.
> > In the first stage you don't want the server to be the final delivery
> > host, while in the second you do.
> >
> > Peter
> >
> >
> > On 12/08/2016 08:42 AM, Heino Backhaus wrote:
> > > I think I would prefer to receive the mails with Mailscanner, check them
> > > and forward them to Server A or B.
> >
> >
> > --
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> >
> >
> >
> >
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20161208/d17e82af/attachment-0001.html>
More information about the MailScanner
mailing list