The only solution that comes to mind is to have a routing host with vrfy on behind the MX boxes, i.e. minimum of five servers, two IMGate MX, one IMGate routing, and at least two Imail peers. Then you simply lock down SMTP on everything except the MX boxes. The bonus side is the three IMGate boxes should be able to handle several Imail peers without adding an additional routing host, and since the routing host only needs to route, you won't need as much machine (no anti-spam, anti-virus loads).
Thanks,
Chuck Frolick
ArgoNet, Inc.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Len Conrad
Sent: Thursday, June 19, 2003 4:05 PM
To: [EMAIL PROTECTED]
Subject: Re: [IMail Forum] Peering

>Len, maybe I'm missing something. If you have IMail peering enabled, it will
>always check its peer list first using VRFY,

agreed, we can't turn that off.

> prior to sending to the default
>gateway (even if you have "send all remote mail through gateway" enabled).
>Before the server sends the message, the recipient is rewritten from
>[EMAIL PROTECTED] to [EMAIL PROTECTED]

are you sure it is actually re-written to a numeric part or does the peer client just TCP to that IP and deliver RCPT TO:<[EMAIL PROTECTED]> ?

>and passed onto either your default gateway

if it passed to the gateway as RCPT TO:<[EMAIL PROTECTED]>, then IMGate will handle it as intended

>The rewrite with IP ensures that when the email is
>sent to the gateway server it cannot be sent back to that same box (due to DNS
>or MX resolutions).

ah, ok. I'll have to see how to configure postfix to accept addresses of [EMAIL PROTECTED]

>Let's say I am server1 and my domain is nowhere.com. If I send to a user not
>on my list ([EMAIL PROTECTED]), it is considered a local-domain,
>non-local user and checks with peering tables to see if a server can be
>resolved for delivery (using VRFY, replacing nowhere.com with [x.x.x.x]).

so I'm the other peer and I see the incoming msg from servera1 addressed to [EMAIL PROTECTED] and I have 200 Imail domains, only ten of which are peered, so how do I know which of the ten domains [EMAIL PROTECTED] is in?

> > > The only way to reduce chatty VRFYs with several
> > >IMail peers is to actually replace the IPs of all those peers with an IP or
> > >two for IMGate as the peer (two IMGate IPs in case one fails). In this
> > >arrangement IMGate would need to be set up with address maps to the correct
> > >servers and able to respond to VRFYs for the trusted IPs of the remote mail
> > >servers. This way IMGate could be configured as the actual IMail peer and
> > >would then become the center mailhub. This would reduce VRFY lookups to other
> > >remote locations. For example:
> >
> > yes, that would keep the VRFYs "in house", good idea.
> >
> > yep, perfect solution! :)) except IMGate has VRFY turned off.
>
>Is it possible to configure IMGate to respond to VRFY requests from an IMail
>peer?

I suppose we can but as with IMail, IMGate prefers strongly to keep VRFY off. If IMGate VRFY was on, and IMGate had the global list of users, then IMGate would VRFY. But can all the Imail peers be told to VRFY at IMGate as the only peer?

>Just for local access or trusted IPs? Or would you need a virtual
>interface with another postfix instance running?

I don't know if VRFY can have an access map, I think not. There is only one param in postfix for this:

mx3# postconf | grep vrfy
disable_vrfy_command = yes

>Peering offers a simple way of keeping all users in the same logical address
>domain in IMail

It's the basic motivation, but it distributes admin to all the peer boxes, it increases traffic dramatically.

Len

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
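
The layout proposed at the top of this thread (VRFY off on the Internet-facing MX boxes, on only at the internal routing host) can be checked from each host's `postconf -n` output. The following is an added example, not code from the thread or from IMGate; the host names, roles and sample output are constructed, and it relies on Postfix's built-in default of disable_vrfy_command = no when the parameter is not set.

```python
# Added example: host names, roles and postconf output below are constructed.
POSTFIX_DEFAULTS = {"disable_vrfy_command": "no"}  # Postfix built-in default

# Intended VRFY state per role in the proposed layout (True = VRFY answered).
ROLE_POLICY = {"mx": False, "routing": True}


def parse_postconf(text):
    """Parse `postconf -n` style 'name = value' lines into a dict."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip()] = value.strip()
    return params


def vrfy_enabled(params):
    """VRFY is answered unless disable_vrfy_command is explicitly 'yes'."""
    value = params.get("disable_vrfy_command",
                       POSTFIX_DEFAULTS["disable_vrfy_command"])
    return value.lower() != "yes"


def audit(hosts):
    """Return (host, role, message) for each host that departs from policy."""
    findings = []
    for name, role, postconf_text in hosts:
        enabled = vrfy_enabled(parse_postconf(postconf_text))
        if role not in ROLE_POLICY:
            findings.append((name, role, "unknown role, VRFY state not assessed"))
        elif enabled != ROLE_POLICY[role]:
            state = "enabled" if enabled else "disabled"
            findings.append((name, role, f"VRFY is {state}, policy says otherwise"))
    return findings


SAMPLE_HOSTS = [  # constructed sample data
    ("mx1", "mx", "disable_vrfy_command = yes\nmyhostname = mx1.example.com"),
    ("mx2", "mx", "myhostname = mx2.example.com"),  # parameter not set
    ("route1", "routing", "disable_vrfy_command = no"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_HOSTS):
        print(finding)
```

The constructed mx2 entry is the case worth noticing: `postconf -n` lists only explicitly set parameters, so a missing disable_vrfy_command line means the host still answers VRFY.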
