Jonathan Horne wrote:
currently, my email server is just a single box, accepting and sending emails
from and to the internet. spamassassin and sendmail, and so far, it works
satisfactory.
i would like to change it up, so that i have a pair of servers doing MX from the
internet, which then passes to an internal server for delivery. if i do that, i
could remove spamassassin from the internal server, and run it on just the 2
external. all those configurations is really not my issue here... what im
really pondering is how would external servers that are seperate from where the
target mailboxes are, know which addressess are acceptable and which to return a
550?
does anyone have any setups that are similar to this, and could advise me or
point me in the right direction?
thanks,
jonathan
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
There's really too many variables in your question to provide a good answer.
ideally, the 'internal' server should be configured as normal, but not
exposed on a public interface; sendmail should not be listening for
incoming connections from anything other than your two 'outside' boxes
if it has a valid public IP address.
If the previous sceenario is true, then all you've really gotta do on
the 'outside' boxes, is add the domain names for which the 'inside' box
is going to relay mail for, and set the two outside boxes as MX hosts in
your public DNS records, while they receive internally the
hostname/address of the internal MX host.
You could go a step further, by using virtusertable within sendmail to
redirect incoming mail for a domain to a specific host on the inside
instead of just relaying, which could provide a more flexible filtering
mechanism; something like:
@whatever.com [EMAIL PROTECTED]
Essentially instructing sendmail on the external machine to forward
along '[EMAIL PROTECTED]' to '[EMAIL PROTECTED]' ...
or you could go beyond that to only filter specific addresses and error
out everything else. Well, you get the idea - there's more than one way
to do this.
You need to really specify your goals more clearly: Are you trying to
simply offset the load? Are you trying to make a redundant setup for a
failover setup? Are you trying to be more secure by filtering before
handling email? Are you trying to avoid having all your eggs in one
basket? Do you desire a single point of configuration, or are you
expecting to configure each new account on all servers? These are all
things you have to consider.
Bottom line is, you need to really sit down and put to thought exactly
what you're trying to accomplish. If the load created by spamassassin is
your sole problem - then you can run just spamassassin's filtering
daemon on another machine - it is capable of running spamd over a
network (see: spamd/spamc:
http://spamassassin.apache.org/full/3.0.x/dist/spamd/README for more info).
My advice would be to decide exactly what you want to accomplish, then
come back and ask for further suggestion from this list. There are many
talented, experienced administrators here - who chances are, have come
accross an almost exact case that could help you out - they all just
need a little more to go on before they can tell you what they'd do in
your case. Ultimately, it's up to you and RTFM'ing the heck out of it
before you implement it in production is always a good choice.
--
Nathan Vidican
[EMAIL PROTECTED]
Windsor Match Plate & Tool Ltd.
http://www.wmptl.com/
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
