DirectAdmin as incoming mail gateway

Jelle

Question:
How can I set up this DirectAdmin server to act as an incoming mail gateway? Is there a feature within DirectAdmin for this?
If yes, where can I find this?

Desired function:
E-mail for domain X will be delivered to the DirectAdmin server,
the DirectAdmin server will scan the mail for viruses and spam
and send the e-mail to an IP address or host address of the customer's (local) e-mail server.
 
Jelle,

If I understand you correctly we have a number of clients that do this.

Their local mailservers (i.e. the ones in their offices) simply collect the mail from a catchall address set up in the user account in DA. The email in the catchall address has already been passed through 3 spam filters (Spamblocker, Spam Assassin and the Spam filter built into DA) and Clam AV - Virus Filter.

Then the local server distributes it out in the offices as normal. We don't generally get involved with the local distribution. I say 'generally' as some email delivery problems have to involve us working through the local systems with the client - which is above the hosting support we offer them.

Hope this helps.

Rob
 
It sounds as if you're an old-timer, Rob.

Lots of folk in the UK used to do it this way when DSL was relatively unavailable or quite expensive. Many of them used Mailtraq for Windows, a program we used to distribute.

Now, however, most of them expect the email to be sent to them via SMTP either on port 25 or on some other port.

Which can be done, but it requires significant changes to exim.conf.

Jeff
 
Old timer maybe !

We just aim to keep it simple. It means they are up and running in just a few minutes with no re-writes of Exim.

I suppose it would still show in the Exim logs that way?

Certainly our way if there is a problem we can have a trawl through the logs for the client and track things.

Rob :)
 
Yes, it would show up in the exim logs as an allowed relay.

Very small businesses running their own mail servers never did catch on in the US, probably because of the high cost of Exchange, which is all most of them considered.

Jeff
 
Thanx guys, but these answers are not helping me.

I want to set up my DA server to act as a mail gateway for incoming mail. This server should accept mail for domain x, then scan the mail for SPAM and AV, then send the mail for this domain x to an IP address (the customer's local mail server).

- The catch-all only works with a destination e-mail address, not with an IP address.
- Using catch-all and an e-mail address that is homed on the local server will not work, because the customer's local mail server will treat that mail as being only for that address and will not distribute it to other addresses (because of the mail headers etc.).

The reason to use DA server as a mail gateway is:
- To scan the mail for AV and SPAM remotely and not only on the local mail server.
- All domain related things then can be managed via DA
- Otherwise there are mail functions available for the customer in DA that will not work, like: web mail accounts etc.

At this moment we use Alt-N MDaemon for this but we want to migrate all of our servers to one platform, DA.

PS. Microsoft SBS server 2003 including Exchange does NOT cost more than $ 390,00 and a lot of small companies use it!

I hope that someone knows a solution for this problem. I do not think that I am the first DA customer that wants to use this configuration.

Personally I think this will get DA to a higher level.

Thanx so far!
Jelle
 
I already said it can be done but will require significant changes to exim.conf.

You can either change exim.conf yourself, or find someone to change it for you, or pay us or someone else to write you a custom exim.conf.

I don't see it as an option for DA itself, because DA is a hosting platform, and not a mailserver with relaying capabilities.

Of course the JBMC staff might disagree with me; you might want to contact them directly with your request.

Jeff
 
Why would this require significant changes to the exim.conf files?

Couldn't one just set the MX record for the email domain to mail.hostingprovider.com and then have exim forward all of the incoming mail to another server?
 
jlasman said:
I already said it can be done but will require significant changes to exim.conf.

You can either change exim.conf yourself, or find someone to change it for you, or pay us or someone else to write you a custom exim.conf.

I don't see it as an option for DA itself, because DA is a hosting platform, and not a mailserver with relaying capabilities.

Of course the JBMC staff might disagree with me; you might want to contact them directly with your request.

Jeff

Jeff,

There are many companies out there that do this exact thing, and charge a good price for spam/virus filtering. We *may* want to look into this as it could be a way to offer more than just the traditional hosting services.

A company I know of pays some firm $50 USD a month just to have their exchange 2003 mail spam/virus filtered before delivery.

Keefe
 
keefe007 said:
Why would this require significant changes to the exim.conf files?

Couldn't one just set the MX record for the email domain to mail.hostingprovider.com and then have exim forward all of the incoming mail to another server?
Sure you could, but then the world would send directly to the other MX server, and your DA server would never see the email.

So then it wouldn't work too well as a gateway.

Jeff
 
keefe007 said:
A smarthost is something completely different.

What that page shows how to do is forward all mail destined for one domain to a different server instead.

It does it by taking mail from authenticated users addressed to pobox.com and sends it through the isp's mailserver.

Which is quite different from what you want to do.

You want to take mail from unauthenticated users (the rest of the world) and accept it, and then sanitize it, and then send it to its proper server.

Here's what you have to do:

1) You have to be the MX server for the domain, and you have to teach your exim to accept email for real users (and only real users) on that domain (even though those users don't exist on your server), refusing mail for users that are NOT real users. To do that you have to, for each domain you receive mail for, find it in a list to be sure you're supposed to accept unauthenticated mail for it.

2) You have to sanitize the mail. You could use SpamBlocker and VirusBlocker. VB isn't out yet, but should be in about a week. SB's newest version (in beta tonight or tomorrow) will do much of what you need, but that's only part of the equation.

3) You could use SpamAssassin 3, though here it only catches about 50% of the spam that makes it through SB. (That could be because SB is so efficient; it might do much better on systems without SB.) It definitely uses a lot of resources, though.

4) You also have to somehow block viruses, or do something else with them, such as mark and forward them, or send them back. Sending back isn't a good option; you'll cause a lot of collateral spam (look up the exact term in Google if you need more info) and you'll find yourself on blocklists. So you'll need to block it. I haven't seen anyone here doing that successfully yet, though VB will, in a week or so. And yes, it too uses a lot of resources.

5) Once you've sanitized the mail you have to forward it to the "real" mailserver for the domain.

How do you do that? You can't do it by MX, because the MX points to you. So you'll need some other method (hint: sendmail uses "mailertable").

If you can do all that without a custom exim.conf file, then good for you :) .

Jeff
 
jlasman said:
Sure you could, but then the world would send directly to the other MX server, and your DA server would never see the email.

So then it wouldn't work too well as a gateway.

Jeff

Let me clarify for you...

domain1.com is the domain which is hosted on an Exchange 2003 mail server

domain2.com is the domain of the hosting provider running DA

In domain1.com's DNS, set the MX record to be mail.domain2.com or the IP of that server. All mail around the world would be sent to the mail.domain2.com DA server.

On the DA server filter the mail and then forward it off to the hostname/ip of the exchange server.
 
keefe007 said:
There are many companies out there that do this exact thing, and charge a good price for spam/virus filtering.
Sure there are. You didn't think we're developing SpamBlocker and VirusBlocker just so we can give it away to the DA community, did you?

There's a "pro" version coming.

In fact there's a "pro" version coming for DA which will enable full whitelist and blacklist capabilities on a per-domain basis, and will do it all through a web-based interface built in to DA.
We *may* want to look into this as it could be a way to offer more than just the traditional hosting services.

A company I know of pays some firm $50 USD a month just to have their exchange 2003 mail spam/virus filtered before delivery.

We already do some of that kind of service, and have been since 1999 (we've been doing webhosting since late 1994).

Oh, you want to do it, too :) ...

There's a MailServer version coming. It will run on its own interface, and will allow you to become a premium email provider.

With exim, per email address white and blocklisting, Courier IMAP, Maildir, customized (and fully customizable) webmail (based on Horde IMP) and database driven authentication.

But that's a subject for another forum for another time, unless John and Mark decide to sell it for us.

:)

Jeff
 
keefe007 said:
domain1.com is the domain which is hosted on an Exchange 2003 mail server

domain2.com is the domain of the hosting provider running DA

In domain1.com's DNS, set the MX record to be mail.domain2.com or the IP of that server. All mail around the world would be sent to the mail.domain2.com DA server.

On the DA server filter the mail and then forward it off to the hostname/ip of the exchange server.
Unless I'm missing something here I don't see why anyone would learn that if they want to send email to (for example) [email protected], they'd have to send it to [email protected].

If you think you can sell a service where people have to send email to a different domain, then go for it.

Or tell me what I'm missing.

Jeff
 
Where are you getting these subdomains from? Let me further clarify...

1. Bob sends an email to [email protected]
2. Bob's SMTP server does a lookup and realizes that mail.domain2.com is the server to send it to
3. mail.domain2.com receives the mail
4. mail server processes the mail
5. mail server sees rule to relay all mail destined to @domain1.com
6. mail server relays mail to mail.domain1.com
7. Exchange server on mail.domain1.com receives the message and delivers it to the correct mailbox
8. If that user doesn't exist the mail is sent back to its originator
 
keefe007 said:
Where are you getting these subdomains from?
There are actually rules for what domain names to use in examples. example.com, example.net, and example.org are specifically reserved for such use, so I just added the "domain1" and "domain2" to them. I'm sorry if it resulted in confusion to you.
Let me further clarify...

1. Bob sends an email to [email protected]
2. Bob's SMTP server does a lookup and realizes that mail.domain2.com is the server to send it to
So far so good.
3. mail.domain2.com receives the mail
And must figure out that it's supposed to process it. That requires custom changes to exim.conf.
4. mail server processes the mail
Which may require custom changes to exim.conf.
5. mail server sees rule to relay all mail destined to @domain1.com
Which requires custom changes to exim.conf.
6. mail server relays mail to mail.domain1.com
And how does it know to send the mail to mail.domain1.com? Obviously because it does some sort of lookup based on custom changes to exim.conf.
7. Exchange server on mail.domain1.com receives the message and delivers it to the correct mailbox
Exactly.

But by the time you're done you've got a bunch of changes to exim.conf. I call that significant. Your mileage may vary.
8. If that user doesn't exist the mail is sent back to its originator
If the mail is spam or a virus we know that both the From and the return-path are most likely forged. So the Exchange server on mail.domain1.com sends lots of collateral spam, and eventually gets listed on one or more blocklists and can no longer send email.

If the From and return-path don't point to real addresses they point to nonexistent addresses, so the mail gets returned to the bouncing server, or depending on how it's set up, maybe to what you call the mail.domain2 server, resulting in mail delivery loops possibly even so far as to create a DOS attack on mail.domain2.

Undeliverable mail shouldn't be accepted to begin with, which requires that before mail.domain2 accepts the email at all it needs to check with mail.domain1. Which requires yet more changes to the exim.conf file.

Jeff
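
The pieces discussed above (accept mail only for listed domains and for recipients the customer's server confirms, refuse infected mail during SMTP instead of bouncing it, then deliver to a fixed host rather than following MX) map onto Exim roughly as follows. This fragment is an added illustration, not part of the thread and not DirectAdmin's stock exim.conf; the names `gateway_domains` and `gateway_forward`, the file `/etc/virtual/gateway_routes` and the clamd socket path are assumptions.

```exim
# ---- main configuration section ----
# Constructed route table (hypothetical path), one line per domain:
#   domain1.example: 192.0.2.25
# The same file defines which domains are gatewayed and where they go.
domainlist gateway_domains = lsearch;/etc/virtual/gateway_routes

# Assumed clamd socket; requires Exim built with content scanning.
av_scanner = clamd:/var/run/clamav/clamd.sock

acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data

begin acl

acl_check_rcpt:
  # Ask the customer's server whether the recipient exists before
  # accepting. Unknown users get a 5xx during SMTP, so no bounce is
  # ever generated towards a forged sender. If the callout cannot
  # complete, the RCPT is deferred (4xx) and the sender retries.
  deny    domains = +gateway_domains
          message = Unknown user
          !verify = recipient/callout=30s
  accept  domains = +gateway_domains
  # ... existing rules for local domains and authenticated relay ...
  deny    message = Relay not permitted

acl_check_data:
  # Refuse infected mail at DATA time instead of accepting and bouncing.
  deny    message = Message rejected: malware found ($malware_name)
          malware = *
  accept

begin routers

# Must be placed before the routers that handle locally hosted domains.
gateway_forward:
  driver = manualroute
  domains = +gateway_domains
  transport = remote_smtp
  # The looked-up value is the delivery host; MX records are not used.
  route_data = ${lookup{$domain}lsearch{/etc/virtual/gateway_routes}}
  no_more

begin transports

remote_smtp:
  driver = smtp
```

The recipient callout is routed through `gateway_forward` as well, so the address check goes to the same host the mail would later be delivered to.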
 
What's new?

I currently use cpanel / mailscanner / mailscanner front-end from configserver.com / mailwatch / exim

so that I achieve the following:
=====================

I'm the MX for some domains

default address is blackhole so that my server accepts all mail for the domain even if there are no email accounts created

exim has a split queue

mailscanner scans and cleans the incoming queue

then exim delivers messages

for remote mail servers (ex: customers who run exchange or domino) I set up smart hosts in exim_outgoing.conf

I would like to achieve the same setup through DA

Is it possible?
 
Can anyone...

Hi,

can anyone tell us how to actually do this?

Thanks a lot in advance!

Grt,

Arjan
 
Hi All,

This doesn't answer the original poster's question, but it is a solution you could look into.

There is an alternative, order a second IP address for your server *normally you have a few anyway*, install postfix and set it to the second IP address only.

Setup postfix, clamav, amavis etc for the second IP address only.

If you want a GUI to change the postfix relay file, then simply install webmin on a separate port on the POSTFIX IP address; this gives you a nice and easy GUI to play with postfix.

Whilst installing the above, the whitelist *forgotten which bit installs it, it could be Jeff's mail product* just needs the email addresses of the server you are collecting and forwarding email for. We have this running very nicely in the mail servers we run.

There is ONE snag if you really want it to work properly, you need your clients to export their exchange email (or other mail servers) addresses and give them to you so you can add them to the whitelist.

It works a treat, we are blocking 62 odd thousand emails a day PER server.

We have almost finished building a mail cluster where most of the above is set up by web GUI, but this is outside of DA. This is our first line of defence from the useless muppets out there that want to send spam...

Chris

ps. If anyone wants the above setup, drop me a PM.

NetEath One, Inc.
ICANN Accredited registrar.
http://reseller.netearthone.com
 