Re: [qmailtoaster] Re: keeping Qmail SMTP in DMZ

2014-08-02 Thread Hasan Akgöz
Hi ;

qmail can do a basic setup using a script (
http://www.syslogs.org/qmail/scripts/qinstaller.cnt6x.tar.gz for CentOS
6). In this way you can  your mail server open to relay. In this way you can
send notification emails (for example, for Nagios etc.).


2014-08-01 16:17 GMT+03:00 Dan McAllister :

>  It is EXCEPTIONALLY easy to set up QMail as a relay:
>
> *For inbound traffic relay:*
>  - First, set up a route (in */var/qmail/control/smtproutes*) that points
> your domain(s) to your "hidden" mail server
> Read more about smtproutes on our website (yes, it's still there)
>   http://wiki.qmailtoaster.com/index.php/Smtproutes
> An example entry might be:
>   *example.com:192.168.1.2* <address of the hidden mail server>
>  - Next, add the same domain(s) to your allowed domains (in
> */var/qmail/control/rcpthosts*)
> Read more about smtproutes on our website (yes, it's still there)
>   http://wiki.qmailtoaster.com/index.php/Rcpthosts
> An example entry might be:
>   *example.com*
>   - 3rd (optional, but *recommended*) -- tell your "hidden" mail server
> to accept PORT 25 connections ONLY from the Smart(Qmail)Host.
>  If your "hidden" mail server is QMail, you could do this in your
> firewall, or tcprules
>
>
> *For outbound traffic relay:*
>  - First, do what is necessary on your
> "hidden" mail server to send all mail to the smart host
>  - If that is QMAIL, you will add a DEFAULT entry to your *smtproutes* file
> (see above)
>  An example entry might be:
>   *:192.168.1.3* <Smart(Qmail) server>
>  - Then, configure your Smart(Qmail) server to do whatever level of
> scanning of INBOUND mail you want (usually little to none)
> This is usually done with an entry in tcprules, for example:
> *192.168.1.2:allow,RELAYCLIENT="",SENDER_NOCHECK="1"*
>
>
> *Finally:* Configure your Smart(Qmail) server to do whatever SPAM and/or
> AntiVirus scanning you want... and that's it!
>  *That's a grand total of 2 to 3 files to edit* (except for
> customizations on the scanning itself)
>
> FWIW: I set up QMT as a smarthost on MOST of my clients who have Exchange
> -- cuts the processing load on the Exchange by usually 50-75%, as the QMT
> handles the "dumb SPAM" much more quickly and efficiently.
>
> I hope this helps!
>
> Dan McAllister
>
>
>
>
>
> On 8/1/2014 2:03 AM, Sebastian Grewe wrote:
>
> I don't think you need qmail for that. If it's a simple relay that you
> want to run I'd probably go for Exim4 or Postfix. They can do this simple
> work easily and there is probably a lot of documentation available how to
> set it up.
>
>  For added security you should consider using firewall rules to only
> allow that amazon instance access to it.
>
> Cheers,
> Sebastian
>
> On 01.08.2014, at 07:59, Aneesh Hariyappan  wrote:
>
> hi seb / eric
>  we are on the same page... thanks for your answers... Is it possible to
> set up the mail relay agent in DMZ? I don't know the full capabilities of
> Qmail. Does QMail have a relay agent? If so, give me some help to set it up
>
>  cheers!!
>
>
>
> On Fri, Aug 1, 2014 at 12:59 AM, Eric Shubert  wrote:
>
>> So I guess the answer to his original question is "yes". :)
>>
>> It depends on the circumstances (requirements and constraints) as to how
>> best to achieve the result.
>>
>> Thanks Sebastian. I presume Aneesh will reply with any further questions
>> he might have.
>>
>> --
>> -Eric 'shubes'
>>
>>
>> On 07/31/2014 11:20 AM, Sebastian Grewe wrote:
>>
>>> I think they don't wanna take any risk and loop it through an internal
>>> connection. No outside one at all.
>>>
>>> Under that aspect I see a relay being useful. It can deal with nasty
>>> stuff instead of the important machine on the LAN.
>>>
>>> Could be a security requirement in the company, maybe PCI compliance ;-)
>>>
>>> Cheers,
>>> Sebastian
>>>
>>>  On 31.07.2014, at 20:08, Eric Shubert  wrote:

  On 07/31/2014 10:30 AM, Sebastian Grewe wrote:
> I think the mail server is not connected to the internet and does not
> handle "public domain" emails. It only handled email traffic internally. So
> the cloud app needs a way "in" and the idea is to use a simple public mta
> that accepts the mail as-is and passes it on to the internal server which
> delivers to the user(s).
>
> I think a simple mail relay will do the trick allowing traffic from
> that one IP.
>
> Cheers,
> Sebastian
>

 I see. I believe you're correct.

 Why bother with the relay though? The intranet mail host could be
 configured to accept external email only from the cloud host, as well as
 intranet connections. Simply modify the tcp.smtp file accordingly. No?

 --
 -Eric 'shubes'


 -
 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail:
 qmailtoaster-li
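
An added example, not part of the thread or of QmailToaster itself: a small consistency check for the relay setup described above. It checks that every domain routed in smtproutes is also accepted in rcpthosts, and that RELAYCLIENT in tcp.smtp is granted only to the expected hosts. The file contents are constructed and the function names are hypothetical.

```python
# Constructed control-file contents for the Smart(Qmail) host; addresses follow
# the thread's examples (192.168.1.2 = hidden mail server), the rest is invented.
SMTPROUTES = "example.com:192.168.1.2\nexample.org:192.168.1.2\n"
RCPTHOSTS = "example.com\n"
TCP_SMTP = (
    '127.:allow,RELAYCLIENT=""\n'
    '192.168.1.2:allow,RELAYCLIENT="",SENDER_NOCHECK="1"\n'
    '192.168.1.:allow,RELAYCLIENT=""\n'
    ':allow\n'
)


def entries(text):
    """Return the non-empty, non-comment lines of a control file."""
    stripped = (line.strip() for line in text.splitlines())
    return [line for line in stripped if line and not line.startswith("#")]


def lint_relay(smtproutes, rcpthosts, tcp_smtp, trusted):
    """Hypothetical helper: list findings for a qmail relay configuration.

    trusted is the set of tcprules address patterns that may carry RELAYCLIENT.
    """
    findings = []
    accepted = set(entries(rcpthosts))
    wildcards = [d for d in accepted if d.startswith(".")]  # ".example.com"
    for route in entries(smtproutes):
        domain = route.split(":", 1)[0]
        if not domain:
            continue  # default route (":host"), used for outbound mail
        if domain not in accepted and not any(domain.endswith(w) for w in wildcards):
            # qmail-smtpd rejects recipients whose domain is not in rcpthosts
            findings.append(f"routed but not accepted: {domain}")
    for rule in entries(tcp_smtp):
        addr, _, action = rule.partition(":")
        if action.startswith("allow") and "RELAYCLIENT=" in action and addr not in trusted:
            # RELAYCLIENT makes qmail-smtpd skip the rcpthosts check for this client
            findings.append(f"relay allowed for untrusted pattern: {addr or '(default)'}")
    return findings


if __name__ == "__main__":
    for finding in lint_relay(SMTPROUTES, RCPTHOSTS, TCP_SMTP, {"127.", "192.168.1.2"}):
        print(finding)
```

A rule that sets RELAYCLIENT on the default (empty) address pattern is reported as "(default)"; that is the open-relay case.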

Re: [qmailtoaster] Re: Prevent sender from spoofing email address

2014-08-02 Thread Hasan Akgöz
Hi Guys;

I've been misunderstood. Eric says "I'm curious to know if there's a way to
do this with postfix". I have to think about what you want to learn how to
write. If there is not anything to compare with postfix. In the meantime, my
car is damaged lights, car lights change to change is not it make more
sense :) . I read the source code a bit. I'm working on a patch. I will be
sharing the results.

good works.


2014-07-28 17:39 GMT+03:00 Eric Shubert :

> I already have the domain emailtoaster.com. :)
>
> --
> -Eric 'shubes'
>
>
> On 07/28/2014 07:34 AM, Sebastian Grewe wrote:
>
>> He does have a point there :D or just mail-toaster!
>>
>>  On 28.07.2014, at 16:31, Dan McAllister  wrote:
>>>
>>>  On 7/27/2014 1:58 AM, Eric Shubert wrote:

> On 07/26/2014 09:03 PM, Hasan Akgöz wrote:
> I have both postfix and qmail mail servers. smtpd_sender_login_maps
> (for postfix) The controlled_envelope_senders table specifies the binding
> between a sender envelope address and the SASL login names that own that
> address. You can use regex (pcre) or mysql tables etc. for it. In
> the meantime, why not suitable for QMT?
>

 I believe that this is what I described as being practical (without
 knowing of this capability in postfix). It's not suitable for QMT largely
 because it would involve a fairly major change to vpopmail and qmail, which
 is something we simply don't have resources to do. Perhaps "suitable"
 wasn't the best term to use.

 That being said, I think we should add this to the reasons for
 switching to postfix at some point in the future for use as a submission
 server, if not all roles which use smtp (also mx and sending, which use
 smtp).

 Another reason for using postfix is that it can be configured to
 throttle outbound messages. This is something that could be patched into
 qmail-remote (as we've discussed and I've even written a spec for), but at
 this point I feel that whatever time is spent doing this might be better
 spent converting to postfix.

 Anyone care to share their thoughts about this?

 Thanks.

  If we switch everything over to postfix, shouldn't we rename the
>>> project "postfix-toaster"?
>>>
>>> 
>>>
>>> Dan
>>>
>>>
>>>
>>> --
>>> IT4SOHO, LLC
>>> 33 - 4th Street N, Suite 211
>>> St. Petersburg, FL 33701-3806
>>>
>>> CALL TOLL FREE:
>>>   877-IT4SOHO
>>>
>>> 877-484-7646 Phone
>>> 727-647-7646 Local
>>> 727-490-4394 Fax
>>>
>>> We have support plans for QMail!
>>>
>>>
>>>
>>>
>>
>>
>>
>
>
>
>
>