Gentoo Archives: gentoo-user

From: Marshal Newrock <gentoo@×××××××××××.net>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] inhouse email
Date: Mon, 24 Oct 2005 17:26:32
Message-Id: 200510241318.44917.gentoo@kyndimarion.net
In Reply to: Re: [gentoo-user] inhouse email by John Jolet
On Monday 24 October 2005 11:36, John Jolet wrote:
> Two things, well several things, really. You need more than one mail
> server, or you need a store-and-forward mx in case your mail server goes
> down. Second, I'd make sure you put antivirus and spam guards on the mail
> server, and that it's beefy enough to handle the traffic. A good split
> is to put a bastion mail server doing antivirus and spam checks, but no
> user verification outside the firewall (or inside a non-natting
> firewall), and have him just forward everything to a secure mail server
> inside. Put the secure mail server with a non-routable ip, and the
> bastion mail server with one public ip, and one non-routable, to talk to
> the secure mail server. Make sure both mail servers are up-to-date and
> kept up to date patchwise. Run NO other services (except maybe ssh) on
> either server.

I'd like to disagree with a couple points on here.

First off, a secondary MX is not necessary. If an email can't get through
due to a server being down, it will be retried and get through later when
the server is up.

Second, if you are receiving email from the outside world and are not doing
any user verification, you are a source of backscatter, and therefore of
spam. Do not accept mail for invalid recipients. Do not have a secondary
MX if you can not do recipient verification with it. Accept-and-bounce is
spam.

Depending on the amount of mail received, it's not necessary to separate
services to different boxes. Sending and receiving mail takes very little
resources. It's the extra services, such as spam and antivirus, that
require heavier hardware, again depending on your load. You do want to
make sure, though, that no outside connections are possible to any spam or
virus filtering programs on the mail server.

--
gentoo-user@g.o mailing list
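
The backscatter point in the message above, as an added illustration that is not part of the original post: a small Python model comparing an edge MX that rejects unknown recipients during the SMTP dialogue with one that accepts everything and bounces later. All addresses, host names and function names are constructed for the example.

```python
from dataclasses import dataclass

# Constructed recipient map for the hypothetical domain example.org.
VALID_RCPTS = {"alice@example.org", "bob@example.org"}

@dataclass
class Envelope:
    client: str     # connecting host
    mail_from: str  # envelope sender; unauthenticated, so spam runs forge it
    rcpt_to: str

# Constructed traffic: two spam deliveries with a forged sender,
# one legitimate message with a mistyped recipient, one valid message.
TRAFFIC = [
    Envelope("spambot-1", "victim@example.net", "nosuchuser@example.org"),
    Envelope("spambot-2", "victim@example.net", "sales99@example.org"),
    Envelope("mx.example.com", "carol@example.com", "alcie@example.org"),
    Envelope("mx.example.com", "carol@example.com", "alice@example.org"),
]

def reject_at_rcpt(env):
    """Edge MX that knows the recipient list: refuse at RCPT TO."""
    if env.rcpt_to in VALID_RCPTS:
        return "250 2.1.5 Ok", None
    # The connecting client gets the error; this server generates no mail.
    return "550 5.1.1 User unknown", None

def accept_then_bounce(env):
    """Edge MX with no recipient list: accept, relay inward, bounce later."""
    if env.rcpt_to in VALID_RCPTS:
        return "250 2.0.0 Ok", None
    # The SMTP session is already closed when the inner server refuses,
    # so a bounce is mailed to the unverified envelope sender.
    return "250 2.0.0 Ok", env.mail_from

def run(policy):
    """Return (SMTP replies, addresses this site sent bounce mail to)."""
    replies, bounces = [], []
    for env in TRAFFIC:
        reply, bounce_to = policy(env)
        replies.append(reply)
        if bounce_to:
            bounces.append(bounce_to)
    return replies, bounces

if __name__ == "__main__":
    for policy in (reject_at_rcpt, accept_then_bounce):
        replies, bounces = run(policy)
        print(f"{policy.__name__}: replies={replies} bounces_sent_to={bounces}")
```

With rejection at RCPT time the legitimate sender still learns of the typo, because their own server reports the 550 to them, while the forged address receives nothing from this site.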

Replies

Subject Author
Re: [gentoo-user] inhouse email "Thomas T. Veldhouse" <veldy@×××××.net>