tarballed
August 5th, 2003, 18:18
Hey everyone, im back. I had to leave town on a family emergency last week. Ended up going to Seattle, WA. But everything is going well and im back trying to pick up where I left off.
My mail server itself, for the most part is complete. I can send mail and receive mail on it. I still need to do some configuring as well as making it as secure as possible.
Now im moving onto the mail gateway. I was curious on a couple of things.
Basically, i've configured our firewall to allow mail to go to the mail gateway on the DMZ. Now, im configuring the mail gateway.
From what i've read (still reading), for the most part, all I need to do on the mail gateway is:
setup a relay_domains = my-domain.com
#Setup a transport map to deliver mail to mymail server
transport_maps = hash:/etc/postfix/transport
Create transport map:
in /etc/postfix/transport add lines similar to this.
your-domain.com smtp:[mail.your-domain.com]:25
At the command line: postmap /etc/postfix/transport
That should be all I need to do on the Mail gateway to get everything forwarded to the mail server, correct?
If not, what am I missing.
Anyone have any other suggetsions?
I appreciate it.
Tarballed
|MiNi0n|
August 5th, 2003, 18:26
That's about it.
tarballed
August 5th, 2003, 18:54
Thanks Minion. Gets easier when you read all the docs you can.
Still have much to learn though...its fun though.
BTW, when I was in Seattle, our family lives right outside of Redmond, which is home of Microsoft.
I just have to say that Microsofts campus is absolutely HUGE! I had no idea...just a freaking behemouth of a campus....
Not trying to say anything, just thought i'd point that out...hehehe
Tarballed
tarballed
August 11th, 2003, 14:56
If I may add another question to this thread.
I've finally been able to get a few things done that is getting me closer to putting up my mail server. (Long story really)
Anyway, I have a couple questions and I was hoping to get some feedback and recomendations to make this bad boy go live.
Ok, little background info.
As of now, the company uses our ISP to handle all of our email; sending and receiving.
So basically, my question in a nutshell is, what would be the best way to test my new mail server without harming my current setup? I mean, I should not fully change the DNS record for our company and point it to our mail server just yet, just in case there is a problem with the server. So what I was wondering is, is there another way I can make a change so I can test this server without interferring with out current setup?
That way, once i'm fully comfortable with the setup, I can then change the DNS MX record over.
Any input?
Thanks.
Tarballed
tarballed
August 31st, 2003, 05:23
Im back. :)
Started to think about something Elmore and I were talking about one day. He mentioned that his Mail Gateway servers do most of his rbl checking as well as spam checking...Sounds like a great idea to me. :)
Since my Mail Gateway is running OpenBSD, i've been working with it to do some gateway checking and deny any open relays and spam stuff.
Since im doing this on the mail gateway, would there really be any need for me to really beef up the checking on the mail server itself?
The thinking behind it is: If it has already been checked on the mail gateway, why do it on the mail server...
Any thoughts or suggestions there?
Thanks for your help...
Tarballed
|MiNi0n|
August 31st, 2003, 07:45
Yes, you want to at least do virus scanning internally as well else mail from local user to local user goes unchecked.
tarballed
August 31st, 2003, 15:30
Thanks Minion. The one thing I do have is a Corporate Symantec AV server set up on our intranet. All users are under this server.
So far, it has worked very very well. Has caught a lot of viruses. It is an extra layer of security that is the last line of defense. Meaning, if the SMTP proxy misses something, then postfix +anomy misses it, then the AV server should grab it...
But as far as the postfix restrictions are concerned, I should do most of my rbl checking on the gateway and just forget it on the mail sever it self, correct?
Lastly: I need to setup PF on my mail gateway. Is solarflux's web page have a lot of good ideas on how to draft up rules for something like this? Im so excited about working with PF on this setup. It will really really help me improve my firewall skills and I cant wait to get it up and running...
Tarballed
|MiNi0n|
August 31st, 2003, 22:29
But as far as the postfix restrictions are concerned, I should do most of my rbl checking on the gateway and just forget it on the mail sever it self, correct?
Yes.
As for pf, yes solarfluxes page should have plenty of hints.
elmore
August 31st, 2003, 23:18
Yes, you want to at least do virus scanning internally as well else mail from local user to local user goes unchecked.
Well if you didn't have morons for users eh, you wouldn't need that virus scanning at all eh.
Too bad eh, that those users insist on the win platform, I mean really, the nerve eh!
hehe, I'm drunk!
v902
August 31st, 2003, 23:26
... morons for users eh ... virus scanning at all eh.
Too bad eh ... the nerve eh!
hehe, I'm drunk!
Canadian/Drunk What the hell's the difference? :lol: (/me gets smacked around by |MiNi0n|)
But yeah, even if I ran a Postfix server just for myself I'd still run AV and spam assasin, I don't need to see that crap, and I don't need it taking up my time...
elmore
August 31st, 2003, 23:30
I do run that stuff even on personal mail servers that only I use, just busting minions balls eh!