<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">'cuz that's what I was told to do by my manager. If I were to design the system, that's *exactly* what I would do. Not my choice... I'm in the difficult position of trying to make something work that I know to be wrong to begin with.<br><br>Cheers!<br><br>Bob<br><br><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">----- Original Message ----<br>From: David J. Andruczyk <djandruczyk@yahoo.com><br>To: nflug@nflug.org<br>Sent: Friday, August 17, 2007 9:48:12 AM<br>Subject: Re: [nflug] Email<br><br><div>Uhhm, why can't you just assign this "relay box" to be<br>the MX (mail exchanger) in DNS for all the other<br>domains, so INCOMING mail goes to it where
it can be<br>filtered and relayed to those other boxes..<br><br>just let those other boxes send to the internet<br>DIRECTLY... <br><br>No need for weird source routing tricks, or<br>virtualization.<br><br>--- Robert Meyer <meyer_rm@yahoo.com> wrote:<br><br>> OK, guys... I cannot redesign the environment. I am<br>> required to follow the design. We're replacing an<br>> Imail server that holds accounts and provides relay<br>> functions. The Imail server will be moved to<br>> another site and we need to reconstruct the relay<br>> function. All incoming mail for our clients hits<br>> the relay box and is routed to the appropriate<br>> backend server. This gives us a troubleshooting<br>> point and allows us to potentially do single point<br>> spam and virus detection. All mail coming from the<br>> backend servers hits the relay before going out. <br>>
Again, as a troubleshooting point and for the<br>> potential for spam and virus filtering. I cannot<br>> change the overall design. I have been requested to<br>> find a way to make outgoing mail from different<br>> clients originate from different IP addresses so<br>> that if one of the clients gets put on a spam list,<br>> it doesn't hurt all of our clients... Those are my<br>> constraints. If I were to be designing this, those<br>> of you that<br>> know me, know that I would not have designed it<br>> this way.<br>> <br>> So far, the only method that I know of to accomplish<br>> this is with virtualization. I'm looking for ideas.<br>> <br>> Cheers!<br>> <br>> Bob<br>> <br>> ----- Original Message ----<br>> From: Darin Perusich<br>> <Darin.Perusich@cognigencorp.com><br>> To: nflug@nflug.org<br>> Sent: Friday,
August 17, 2007 9:18:09 AM<br>> Subject: Re: [nflug] Email<br>> <br>> Your "extra elbow grease to set up and get familiar<br>> with" comment sounds <br>> like a good reason to me to use another MTA ;-). Why<br>> not use Exim, <br>> Qmail, or Exchange for that matter? Then again<br>> everyone has their own <br>> preference and in the end the same problem needs to<br>> be resolved.<br>> <br>> Pete Cummings wrote:<br>> > Why not put sendmail in front of the whole mess ?<br>> I know it takes some <br>> > extra elbow grease to set up and get familiar with<br>> it, but I've never <br>> > been at a loss for features.<br>> > Pete<br>> > <br>> > eric wrote:<br>> >> Starting new sub-thread..<br>> >> Darin, can I ask, what are all the mail packages<br>> you use postfix, etc..<br>> >><br>> >> I'd love an outline or rough draft?<br>>
>><br>> >><br>> >><br>> >> Darin Perusich wrote:<br>> >>> Will this machine be an MX server or will it be<br>> behind your MX and <br>> >>> relaying from there? I'm also not understanding<br>> your SPAM tagging <br>> >>> point. Are you concerned about your relay<br>> marking mail from the <br>> >>> domains it's relaying for marking them as SPAM?<br>> This is easily <br>> >>> remedied by setting the following spamassassin<br>> rule and included ALL <br>> >>> of the relaying domains:<br>> >>><br>> >>> header LOCAL_RCVD Received =~<br>> /.*\(\S+\.cognigencorp\.com\s+\[.*\]\)/<br>> >>> describe LOCAL_RCVD Received from local machine<br>> >>> score LOCAL_RCVD -50<br>> >>><br>> >>> The only way outgoing mail will be sent from a<br>> different IP is using <br>>
>>> some type of virtualization, and why doesn't<br>> this even matter? It <br>> >>> sounds like over complicating the setup.<br>> >>><br>> >>> You mentioned using Postfix for the MTA, a wise<br>> move IMHO ;-). Are <br>> >>> you planning on using amavisd-new to filter, tag<br>> spam, and virus <br>> >>> check? This is a very typical and efficient<br>> setup for relaying for <br>> >>> multiple domains not to mention straightforward.<br>> Your setup is a <br>> >>> little more complication then what I have setup<br>> here but it's pretty <br>> >>> much the same. If you want more details let me<br>> know.<br>> >>><br>> >>> Robert Meyer wrote:<br>> >>>> OK, before we get into this, remember that this<br>> is NOT my design. <br>> >>>> I'm trying to make the best of
what I have<br>> here... Having said that...<br>> >>>><br>> >>>> We currently have several clients, all using an<br>> Imail server <br>> >>>> (remember, not my design) to handle Email. We<br>> are also routing a <br>> >>>> few Exchange servers through it. In essence,<br>> all mail coming in for <br>> >>>> these clients hits a single server that<br>> separates the domain names <br>> >>>> and routes the mail to the backend servers. We<br>> also have some <br>> >>>> clients that are actually storing their mail on<br>> the Imail server. <br>> >>>> These two functions are going to be separated<br>> so that the relay <br>> >>>> server and the POP/IMAP functions are on<br>> different boxes. The mail <br>> >>>> servers
that I relay for also relay back<br>> through the Imail server. <br>> >>>> The problem is that if one client gets infected<br>> with a spam virus or <br>> >>>> otherwise gets the server tagged as a spam<br>> host, it breaks all of <br>> >>>> the clients that route through that server. We<br>> (actually, they) <br>> >>>> want to keep the single relay host, because<br>> it's good for <br>> >>>> troubleshooting. (remember, not my design)<br>> >>>><br>> >>>> What I need to know is: Is there any way that<br>> I can set up a system <br>> >>>> that will relay mail from internal mail servers<br>> but have the IP <br>> >>>> address leaving the server be different for<br>> each domain. <br>> >>>> Essentially, I want it to look like each
domain<br>> is coming from a <br>> >>>> different server. We are switching the relay<br>> server to CentOS (RHEL <br>> >>>> clone) and are going to use Postfix for the<br>> relay functions.<br>> >>>><br>> >>>> The only idea that comes to mind is to create<br>> multiple virtual <br>> >>>> servers with VMWare and route each client<br>> through a different <br>> >>>> virtual machine. I know I can create multiple<br>> IP aliases on the <br>> >>>> machine. Can I leverage that somehow to get<br>> different source <br>> >>>> addresses for different domains?<br>> >>>><br>> >>>> Thanks...<br>> >>>><br>> >>>> Cheers!<br>> >>>><br>> >>>> Bob<br>> >>>><br>>
>>>><br>><br>------------------------------------------------------------------------<br>> <br>> >>>><br>> >>>> Moody friends. Drama queens. Your life? Nope! -<br>> their life, your story.<br>> >>>> Play Sims Stories at Yahoo! Games. <br>> >>>><br>><br><<a target="_blank" href="http://us.rd.yahoo.com/evt=48224/*http://sims.yahoo.com/">http://us.rd.yahoo.com/evt=48224/*http://sims.yahoo.com/</a>><br>> >>>><br>> >>>><br>> >>>><br>><br>------------------------------------------------------------------------<br>> <br>> >>>><br>> >>>><br>> >>>> _______________________________________________<br>> >>>> nflug mailing list<br>> >>>> nflug@nflug.org<br>> >>>> <a target="_blank"
href="http://www.nflug.org/mailman/listinfo/nflug">http://www.nflug.org/mailman/listinfo/nflug</a><br>> >>><br>> >><br>> >> _______________________________________________<br>> >> nflug mailing list<br>> >> nflug@nflug.org<br>> >> <a target="_blank" href="http://www.nflug.org/mailman/listinfo/nflug">http://www.nflug.org/mailman/listinfo/nflug</a><br>> >><br>> > <br>> > _______________________________________________<br>> > nflug mailing list<br>> > nflug@nflug.org<br>> > <a target="_blank" href="http://www.nflug.org/mailman/listinfo/nflug">http://www.nflug.org/mailman/listinfo/nflug</a><br>> <br>> -- <br>> Darin Perusich<br>> Unix Systems Administrator<br>> Cognigen Corporation<br>> 395 Youngs Rd.<br>> Williamsville, NY 14221<br>> Phone: 716-633-3463<br>> Email: darinper@cognigencorp.com<br>>
_______________________________________________<br>> nflug mailing list<br>> nflug@nflug.org<br>> <a target="_blank" href="http://www.nflug.org/mailman/listinfo/nflug">http://www.nflug.org/mailman/listinfo/nflug</a><br>> <br>> <br>> <br>> <br>> <br>> <br>> <br>> <br>><br>____________________________________________________________________________________<br>> Shape Yahoo! in your own image. Join our Network<br>> Research Panel today! <br>><br><a target="_blank" href="http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7">http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7</a><br>> <br>> <br>> > _______________________________________________<br>> nflug mailing list<br>> nflug@nflug.org<br>> <a target="_blank" href="http://www.nflug.org/mailman/listinfo/nflug">http://www.nflug.org/mailman/listinfo/nflug</a><br>>
<br><br><br>-- David J. Andruczyk<br><br><br> <br>____________________________________________________________________________________<br>Got a little couch potato? <br>Check out fun summer activities for kids.<br><a target="_blank" href="http://search.yahoo.com/search?fr=oni_on_mail&p=summer+activities+for+kids&cs=bz">http://search.yahoo.com/search?fr=oni_on_mail&p=summer+activities+for+kids&cs=bz</a> <br>_______________________________________________<br>nflug mailing list<br>nflug@nflug.org<br><a target="_blank" href="http://www.nflug.org/mailman/listinfo/nflug">http://www.nflug.org/mailman/listinfo/nflug</a><br></div></div><br></div></div><br>
<hr size=1>Luggage? GPS? Comic books? <br>
Check out fitting <a href="http://us.rd.yahoo.com/evt=48249/*http://search.yahoo.com/search?fr=oni_on_mail&p=graduation+gifts&cs=bz"> gifts for grads</a> at Yahoo! Search.</body></html>