It is EXCEPTIONALLY easy to setup QMail as a relay:
_*For inbound traffic relay:*_
- First, setup a route (in */var/qmail/control/smtproutes*) that
points your domain(s) to your "hidden" mail server
Read more about smtproutes on our website (yes, its still there)
http://wiki.qmailtoaster.com/index.php/Smtproutes
An example entry might be:
/example.com:192.168.1.2/ <where 192.168.1.2 is the local IP address
of the hidden mail server>
- Next, add the same domain(s) to your allowed domains (in
*/var/qmail/control/rcpt**hosts*)
Read more about smtproutes on our website (yes, its still there)
http://wiki.qmailtoaster.com/index.php/Rcpthosts
An example entry might be:
/example.com/
- 3rd (optional, but _/recommended/_) -- tell your "hidden" mail server
to accept PORT 25 connections ONLY from the Smart(Qmail)Host.
If your "hidden" mail server is QMail, you could do this in your
firewall, or tcprules
_*For outbound traffic relay:
*_ - First, do what is necessary on your "hidden" mail server to send
all mail to the smart host
- If that is QMAIL, you will add a DEFAULT entry to your *smtproutes
*file (see above)
An example entry might be:
/:192.168.1.3/ <where 192.168.1.3 is the local IP address of the
Smart(Qmail) server>
- Then, configure your Smart(Qmail) server to do whatever level of
scanning of INBOUND mail you want (usually little to none)
This is usually done with an entry in tcprules, for example:
/192.168.1.2:allow,RELAYCLIENT="",SENDER_NOCHECK="1" /
_*Finally:
*_ Configure your Smart(Qmail) server to do whatever SPAM and/or
AntiVirus scanning you want... and that's it!
_*That's a grand total of 2 to 3 files to edit*_ (except for
customizations on the scanning itself)
FWIW: I setup QMT as a smarthost on MOST of my clients who have Exchange
-- cuts the processing load on the Exchange by usually 50-75%, as the
QMT handles the "dumb SPAM" much more quickly and efficiently.
I hope this helps!
Dan McAllister
On 8/1/2014 2:03 AM, Sebastian Grewe wrote:
I don't think you need qmail for that. If it's a simple relay that you
want to run Id probably go for Exim4 or Postfix. They can do this
simple work easily and there is probably a lot of documentation
available how to set it up.
For added security you should consider using firewall rules to only
allow that amazon instance access to it.
Cheers,
Sebastian
On 01.08.2014, at 07:59, Aneesh Hariyappan <[email protected]
<mailto:[email protected]>> wrote:
hi seb / eric
we are on the same page... thanks for your answers .. Is it possible
to setup the mail relay agent in DMZ ? I dont know the full
capabilities of Qmail . Does QMail have a relay agent ? if so give me
some help to set it up
cheers!!
On Fri, Aug 1, 2014 at 12:59 AM, Eric Shubert <[email protected]
<mailto:[email protected]>> wrote:
So I guess the answer to his original question is "yes". :)
It depends on the circumstances (requirements and constraints) as
to how best to achieve the result.
Thanks Sebastian. I presume Aneesh will reply with any further
questions he might have.
--
-Eric 'shubes'
On 07/31/2014 11:20 AM, Sebastian Grewe wrote:
I think they don't wanna take any risk and loop it through an
internal connection. No outside one at all.
Under that aspect I see a relay being useful. It can deal
with nasty stuff instead of the important machine on the LAN.
Could be a security requirement in the company, maybe PCI
compliance ;-)
Cheers,
Sebastian
On 31.07.2014, at 20:08, Eric Shubert <[email protected]
<mailto:[email protected]>> wrote:
On 07/31/2014 10:30 AM, Sebastian Grewe wrote:
I think the mail server is not connected to the
internet and does not handle "public domain" emails.
It only handled email tragic internally. So the cloud
app needs a way "in" and the idea is to use a simple
public mta that accepts the mail as-is and passes it
on to the internal server which delivers to the user(s).
I think a simple mail relay will do the trick
allowing traffic from that one IP.
Cheers,
Sebastian
I see. I believe you're correct.
Why bother with the relay though? The intranet mail host
could be configured to accept external email only from
the cloud host, as well as intranet connections. Simply
modify the tcp.smtp file accordingly. No?
--
-Eric 'shubes'
---------------------------------------------------------------------
To unsubscribe, e-mail:
[email protected]
<mailto:[email protected]>
For additional commands, e-mail:
[email protected]
<mailto:[email protected]>
---------------------------------------------------------------------
To unsubscribe, e-mail:
[email protected]
<mailto:[email protected]>
For additional commands, e-mail:
[email protected]
<mailto:[email protected]>
---------------------------------------------------------------------
To unsubscribe, e-mail:
[email protected]
<mailto:[email protected]>
For additional commands, e-mail:
[email protected]
<mailto:[email protected]>
--
Regards ,
Aneesh K H
--
IT4SOHO, LLC
33 - 4th Street N, Suite 211
St. Petersburg, FL 33701-3806
CALL TOLL FREE:
877-IT4SOHO
877-484-7646 Phone
727-647-7646 Local
727-490-4394 Fax
We have support plans for QMail!
