<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><font size="+1"><tt>I've "been there" and just running a
MailScanner (our spamassassin and clamav) on mydomain.tld
would be enough - but this rather negates the idea of using a
central hub......<br>
Setting up mydomain.tld to only accept mail from
mailscanner.anotherdomain.tld would mean that you have a
problem if mailscanner.anotherdomain.tld goes down.<br>
Some senders don't keep trying for 5 days and you'd lose mail
if you didn't notice and get a (already configured) solution
on-line very quickly.<br>
(I've been there too....) :(<br>
</tt></font></p>
<p><font size="+1"><tt><br>
For me, one of the advantages of running via MX records is the
failover.<br>
Running a separate mail host means that </tt></font><font
size="+1"><tt><font size="+1"><tt>you can plan things so that the
end-user doesn't notice or lose mail </tt></font>if you
move from one host (or ISP) to another. <br>
DNS propagation times can be a real headache for multinational
mail sources......</tt></font></p>
<p><font size="+1"><tt>If you don't have to move hosts around that
often it's not a problem - make sure that your ISP keeps
giving you DNS access though.</tt></font></p>
<p><font size="+1"><tt>Whatever you do, you still need a good backup
as a way of getting a machine (the hub) up and running quickly
in case of hardware failure though.</tt></font></p>
<p><font size="+1"><tt><br>
</tt></font></p>
<p><font size="+1"><tt>I still have a load of questions about this
whole idea because there's the issue of the Sender Policy
Framework (SPF) records - which is important if you are using
the MailScanner "hub" to scan outgoing mail as well......<br>
<br>
</tt></font></p>
<p><font size="+1"><tt>For me this is still "work in progress" ;)</tt></font></p>
<p><font size="+1"><tt>-Graham-</tt></font></p>
<p><br>
</p>
<br>
<div class="moz-cite-prefix">Manuel Kälin wrote on 2016-12-08 18:02:<br>
</div>
<blockquote
cite="mid:1e498f7f440e55ee98cea31b35ab5b61043175a7@mylogin.email"
type="cite">Hi<br>
<br>
This could be solved with a 2nd mailscanner as 2nd mx and changing
the mydomain.tld server so that it accepts just from the mailscanner
server.<br>
Or am I missing something?<br>
<br>
Manuel<br>
<blockquote class="atmailquote"><br>
----- Original Message -----<br>
<div id="origionalMessageFromField"
style="width:100%;display:inline;background:rgb(228,228,228);">
<div style="display:inline;font-weight:bold;">From:</div>
"MailScanner Discussion"
<a class="moz-txt-link-rfc2396E" href="mailto:mailscanner@lists.mailscanner.info">&lt;mailscanner@lists.mailscanner.info&gt;</a></div>
<br>
<div id="origionalMessageToField"
style="display:inline;font-weight:bold;">To:</div>
"MailScanner Discussion"
<a class="moz-txt-link-rfc2396E" href="mailto:mailscanner@lists.mailscanner.info">&lt;mailscanner@lists.mailscanner.info&gt;</a><br>
<div id="origionalMessageSentField"
style="display:inline;font-weight:bold;">Cc:</div>
<br>
<div style="display:inline;font-weight:bold;">Sent:</div>
Thu, 8 Dec 2016 17:38:02 +0100<br>
<div id="origionalMessageSubjectField"
style="display:inline;font-weight:bold;">Subject:</div>
Re: Mailscanner initial Setup help<br>
<br>
<br>
Hello everybody,<br>
<br>
this is exactly how we have our set-up - should we write some
documentation and <br>
try to get it added to the MailScanner docs on the web site?<br>
<br>
- It's actually more a DNS and Postfix/Sendmail set-up issue than
MailScanner but <br>
I always thought that the MailScanner site would be a good place
to centralise <br>
this information because it's going to be a "standard"
requirement.<br>
<br>
Here's the concept:<br>
<br>
The domain is "mydomain.tld" and this IP_Addr is running a web
and e-mail server <br>
(etc.,etc., etc.)<br>
<br>
We want to set up a separate host to act as a mail "hub" with
MailScanner (spam <br>
and virus) which scans the mail before passing it onto
"mydomain.tld".<br>
<br>
For the purposes of this exercise let's call this "mailscanner
hub" host :<br>
"mailscanner.anotherdomain.tld"<br>
<br>
So,<br>
In order that mail for mydomain.tld is first sent to <br>
"mailscanner.anotherdomain.tld" we have to have access to the
DNS - MX records <br>
for "mydomain.tld"<br>
We set-up two MX records:<br>
mydomain.tld MX10 mailscanner.anotherdomain.tld.<br>
mydomain.tld MX20 mydomain.tld.<br>
<br>
This makes sure that if there's a problem with our "mailscanner
hub" mail still <br>
gets through....<br>
<br>
Don't forget that anotherdomain.tld is also going to accept
e-mail via its own <br>
MX records AND that mailscanner.anotherdomain.tld should be
pointed to by an <br>
A-record and should NOT be a CNAME.<br>
<br>
Now, on mailscanner.anotherdomain.tld<br>
- we set up the mail server (my experience is with Sendmail and
Postfix)<br>
- we set up Mailscanner<br>
and we test that it all works for mail going to
anotherdomain.tld<br>
<br>
Then we set up Sendmail or Postfix to forward non-local mail to
"mydomain.tld"<br>
<br>
From experience, the problem with this concept is the spammers
who ignore the <br>
dns and send directly to the smtp server at "domain.tld".<br>
And, this is where someone else could help out with a good
solution that doesn't <br>
mean installing another mailscanner on "domain.tld"<br>
<br>
Does this sound about right?<br>
<br>
-Graham-<br>
<br>
PS: there are a couple of other tools needed of course -
maildrop and MailWatch<br>
<br>
<br>
<br>
Manuel Kälin wrote on 2016-12-08 16:13:<br>
> Hi<br>
><br>
> Yes, we need this second solution with incoming and
outgoing direct from the<br>
> final hosts.<br>
> Have you set this up with postfix and how did you forward
the mails? As files or<br>
> something like smarthost?<br>
><br>
> Manuel<br>
><br>
><br>
> ----- Original Message -----<br>
> From:<br>
> "MailScanner Discussion"
<a class="moz-txt-link-rfc2396E" href="mailto:mailscanner@lists.mailscanner.info">&lt;mailscanner@lists.mailscanner.info&gt;</a><br>
><br>
> To:<br>
> "MailScanner Discussion"
<a class="moz-txt-link-rfc2396E" href="mailto:mailscanner@lists.mailscanner.info">&lt;mailscanner@lists.mailscanner.info&gt;</a><br>
> Cc:<br>
><br>
> Sent:<br>
> Thu, 8 Dec 2016 10:03:38 -0500<br>
> Subject:<br>
> Re: Mailscanner initial Setup help<br>
><br>
><br>
> That's my solution as well. All the mail comes in to the
central<br>
> scanning server and is then forwarded on to the final
destinations. The<br>
> model where the final delivery servers receive the mail,
forward it to a<br>
> central scanner, and then receive the results, is much
harder to set up.<br>
> In the first stage you don't want the server to be the
final delivery<br>
> host, while in the second you do.<br>
><br>
> Peter<br>
><br>
><br>
> On 12/08/2016 08:42 AM, Heino Backhaus wrote:<br>
> > I think I would prefer to receive the mails with
Mailscanner, check them<br>
> > and forward them to Server A or B.<br>
><br>
><br>
> --<br>
> MailScanner mailing list<br>
> <a class="moz-txt-link-abbreviated" href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br>
> <a class="moz-txt-link-freetext" href="http://lists.mailscanner.info/mailman/listinfo/mailscanner">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
<br>
<br>
</blockquote>
<br>
</blockquote>
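<p>Added example, not part of the original thread: one way to measure how much mail reaches mydomain.tld without passing through the hub (direct-to-server senders, or delivery via the MX 20 fallback) before deciding whether to restrict the backend to the hub only. It assumes the backend runs Postfix; the hub addresses (documentation ranges) and the log lines are constructed for illustration.</p>
<pre>
```python
import ipaddress
import re
from collections import Counter

# Assumption: addresses of mailscanner.anotherdomain.tld (documentation ranges).
HUB_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "2001:db8::10/128")]

# Postfix smtpd logs each inbound session as "connect from name[address]".
CONNECT_RE = re.compile(r"postfix/smtpd\[\d+\]: connect from (\S+?)\[([0-9A-Fa-f:.]+)\]")
# Constructed sample of the backend's mail log; not real traffic.
SAMPLE_LOG = """\
Dec  8 17:40:01 mydomain postfix/smtpd[2101]: connect from mailscanner.anotherdomain.tld[192.0.2.10]
Dec  8 17:40:09 mydomain postfix/smtpd[2104]: connect from unknown[203.0.113.77]
Dec  8 17:41:30 mydomain postfix/smtpd[2110]: connect from localhost[127.0.0.1]
Dec  8 17:42:12 mydomain postfix/smtpd[2113]: connect from mail.example.net[198.51.100.4]
Dec  8 17:42:55 mydomain postfix/smtpd[2113]: disconnect from mail.example.net[198.51.100.4]
Dec  8 17:43:20 mydomain postfix/smtpd[2120]: connect from unknown[203.0.113.77]
Dec  8 17:44:02 mydomain postfix/smtpd[2125]: connect from mailscanner.anotherdomain.tld[2001:db8::10]
"""

def classify(address, hub_nets=HUB_NETS):
    """Return 'hub', 'local' or 'direct' for one client address."""
    ip = ipaddress.ip_address(address)
    if ip.is_loopback:
        return "local"
    if any(ip in net for net in hub_nets):
        return "hub"
    return "direct"

def bypass_report(log_text, hub_nets=HUB_NETS):
    """Count sessions per class and per direct (unscanned) client."""
    classes, direct_clients = Counter(), Counter()
    for line in log_text.splitlines():
        match = CONNECT_RE.search(line)
        if not match:
            continue
        name, address = match.groups()
        try:
            kind = classify(address, hub_nets)
        except ValueError:  # malformed address field; skip the line
            continue
        classes[kind] += 1
        if kind == "direct":
            direct_clients[(name, address)] += 1
    return classes, direct_clients

if __name__ == "__main__":
    for (name, address), n in bypass_report(SAMPLE_LOG)[1].most_common():
        print(f"{n:3d} unscanned session(s) from {name}[{address}]")
```
</pre>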
<br>
</body>
</html>