Jonathan Horne wrote:
currently, my email server is just a single box, accepting and sending emails from and to the internet. spamassassin and sendmail, and so far, it works
satisfactory.

i would like to change it up, so that i have a pair of servers doing MX from the internet, which then passes to an internal server for delivery. if i do that, i could remove spamassassin from the internal server, and run it on just the 2 external. all those configurations is really not my issue here... what im really pondering is how would external servers that are seperate from where the target mailboxes are, know which addressess are acceptable and which to return a
550?

does anyone have any setups that are similar to this, and could advise me or
point me in the right direction?

thanks,
jonathan
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


There's really too many variables in your question to provide a good answer.

ideally, the 'internal' server should be configured as normal, but not exposed on a public interface; sendmail should not be listening for incoming connections from anything other than your two 'outside' boxes if it has a valid public IP address.

If the previous sceenario is true, then all you've really gotta do on the 'outside' boxes, is add the domain names for which the 'inside' box is going to relay mail for, and set the two outside boxes as MX hosts in your public DNS records, while they receive internally the hostname/address of the internal MX host.

You could go a step further, by using virtusertable within sendmail to redirect incoming mail for a domain to a specific host on the inside instead of just relaying, which could provide a more flexible filtering mechanism; something like:

@whatever.com   [EMAIL PROTECTED]

Essentially instructing sendmail on the external machine to forward along '[EMAIL PROTECTED]' to '[EMAIL PROTECTED]' ... or you could go beyond that to only filter specific addresses and error out everything else. Well, you get the idea - there's more than one way to do this.

You need to really specify your goals more clearly: Are you trying to simply offset the load? Are you trying to make a redundant setup for a failover setup? Are you trying to be more secure by filtering before handling email? Are you trying to avoid having all your eggs in one basket? Do you desire a single point of configuration, or are you expecting to configure each new account on all servers? These are all things you have to consider.

Bottom line is, you need to really sit down and put to thought exactly what you're trying to accomplish. If the load created by spamassassin is your sole problem - then you can run just spamassassin's filtering daemon on another machine - it is capable of running spamd over a network (see: spamd/spamc: http://spamassassin.apache.org/full/3.0.x/dist/spamd/README for more info).

My advice would be to decide exactly what you want to accomplish, then come back and ask for further suggestion from this list. There are many talented, experienced administrators here - who chances are, have come accross an almost exact case that could help you out - they all just need a little more to go on before they can tell you what they'd do in your case. Ultimately, it's up to you and RTFM'ing the heck out of it before you implement it in production is always a good choice.

P.S. - sorry if this double-posts, realized I sent from the wrong account and tried to cancel - not sure if it did, so figure better two copies than none.

--
Nathan Vidican
[EMAIL PROTECTED]
Windsor Match Plate & Tool Ltd.
http://www.wmptl.com/

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to