Re: [qmailtoaster] SRS with multi frontend smtp
- Original Message - From: Philip Nix Guru [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Saturday, January 27, 2007 4:54 PM Subject: Re: [qmailtoaster] SRS with multi frontend smtp Actually it is more : incoming : internet - scanners - real box if all scanners are down, internet - real box (lowest mx priority) outgoing : realbox - internet(on that setup, customers email arent scanned, we trust them in a way :) ) I just want to point out that by listing your real box as an mx and not having scanning on it you're going to get spammed hard. I used to run a similar setup a couple of years ago and spammers love to go after lower priority mx servers (higher numbers) because they think it's less likely you have scanning on it. Your real server is going to get targeted by the spammers and bypass the other ones. George. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] SRS with multi frontend smtp
Hi George real box is of course scanning aswell Just the frontend smtps are very powerfull machines to handle most of the scanning (we do get a lot of mails) the machine hosting mailboxes isnt as powerful but of course scans any email not originating from the diff smtps Thx for your concern though :) Cheers -Philip George Sweetnam wrote: - Original Message - From: Philip Nix Guru [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Saturday, January 27, 2007 4:54 PM Subject: Re: [qmailtoaster] SRS with multi frontend smtp Actually it is more : incoming : internet - scanners - real box if all scanners are down, internet - real box (lowest mx priority) outgoing : realbox - internet(on that setup, customers email arent scanned, we trust them in a way :) ) I just want to point out that by listing your real box as an mx and not having scanning on it you're going to get spammed hard. I used to run a similar setup a couple of years ago and spammers love to go after lower priority mx servers (higher numbers) because they think it's less likely you have scanning on it. Your real server is going to get targeted by the spammers and bypass the other ones. George. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[qmailtoaster] SRS with multi frontend smtp
Hello I was just thinking If you have lets say a couple of frontend smtp servers filtering emails before delivering (smtproute) to some other qtoaster machines holding your mailboxes. How would you implement SRS ? If you send an email with machine B (where you have mailboxes and srs configured), you change your envelope sender address of your outgoing message and if then the email gets bounced but goes through another smtp (frontend), machine A (the filtering machine) . How would that work ? You should set exactly same SECRET on all machines or by having smtproute configured for that domain the srs check would get by passed ? or maybe point srs.YOURDOMAIN mx record to the machine used for sending ? (if you got a few ... ?) Just wondering on the good setup in that kind of situation Thx -P - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] SRS with multi frontend smtp
Hey Phil, Set SRS on the machine that has real users. If both machines have real users, set SRS up on both. Don't use the same srs_domain/srs_secret unless both machines are running in a clustered config. Erik On 1/27/07, Philip Nix Guru [EMAIL PROTECTED] wrote: Hello I was just thinking If you have lets say a couple of frontend smtp servers filtering emails before delivering (smtproute) to some other qtoaster machines holding your mailboxes. How would you implement SRS ? If you send an email with machine B (where you have mailboxes and srs configured), you change your envelope sender address of your outgoing message and if then the email gets bounced but goes through another smtp (frontend), machine A (the filtering machine) . How would that work ? You should set exactly same SECRET on all machines or by having smtproute configured for that domain the srs check would get by passed ? or maybe point srs.YOURDOMAIN mx record to the machine used for sending ? (if you got a few ... ?) Just wondering on the good setup in that kind of situation Thx -P - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] SRS with multi frontend smtp
Hello Erik Thx for the info Erik Espinoza wrote: Hey Phil, Set SRS on the machine that has real users. If both machines have real users, set SRS up on both. Don't use the same srs_domain/srs_secret unless both machines are running in a clustered config. Erik On 1/27/07, Philip Nix Guru [EMAIL PROTECTED] wrote: Hello I was just thinking If you have lets say a couple of frontend smtp servers filtering emails before delivering (smtproute) to some other qtoaster machines holding your mailboxes. How would you implement SRS ? If you send an email with machine B (where you have mailboxes and srs configured), you change your envelope sender address of your outgoing message and if then the email gets bounced but goes through another smtp (frontend), machine A (the filtering machine) . How would that work ? You should set exactly same SECRET on all machines or by having smtproute configured for that domain the srs check would get by passed ? or maybe point srs.YOURDOMAIN mx record to the machine used for sending ? (if you got a few ... ?) Just wondering on the good setup in that kind of situation Thx -P - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] SRS with multi frontend smtp
Forgot one thing :) the srs.yourdoamin MX record should point to the server hosting the real users or it can point to the MX with the lower priorities ? and can you set as many MX entries as you want ? Thx again for the help Cheers -P Erik Espinoza wrote: Hey Phil, Set SRS on the machine that has real users. If both machines have real users, set SRS up on both. Don't use the same srs_domain/srs_secret unless both machines are running in a clustered config. Erik On 1/27/07, Philip Nix Guru [EMAIL PROTECTED] wrote: Hello I was just thinking If you have lets say a couple of frontend smtp servers filtering emails before delivering (smtproute) to some other qtoaster machines holding your mailboxes. How would you implement SRS ? If you send an email with machine B (where you have mailboxes and srs configured), you change your envelope sender address of your outgoing message and if then the email gets bounced but goes through another smtp (frontend), machine A (the filtering machine) . How would that work ? You should set exactly same SECRET on all machines or by having smtproute configured for that domain the srs check would get by passed ? or maybe point srs.YOURDOMAIN mx record to the machine used for sending ? (if you got a few ... ?) Just wondering on the good setup in that kind of situation Thx -P - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] SRS with multi frontend smtp
Philip, I don't know how you have everything configured, so I can't tell you how to run your infrastructure. As far as multiple entries, I'd recommend doing srs1.yourdomain.com for the first box, srs2.yourdomain.com and srs3 and so forth. Unless they are running in a clustered configuration. Thanks, Erik On 1/27/07, Philip Nix Guru [EMAIL PROTECTED] wrote: Forgot one thing :) the srs.yourdoamin MX record should point to the server hosting the real users or it can point to the MX with the lower priorities ? and can you set as many MX entries as you want ? Thx again for the help Cheers -P Erik Espinoza wrote: Hey Phil, Set SRS on the machine that has real users. If both machines have real users, set SRS up on both. Don't use the same srs_domain/srs_secret unless both machines are running in a clustered config. Erik On 1/27/07, Philip Nix Guru [EMAIL PROTECTED] wrote: Hello I was just thinking If you have lets say a couple of frontend smtp servers filtering emails before delivering (smtproute) to some other qtoaster machines holding your mailboxes. How would you implement SRS ? If you send an email with machine B (where you have mailboxes and srs configured), you change your envelope sender address of your outgoing message and if then the email gets bounced but goes through another smtp (frontend), machine A (the filtering machine) . How would that work ? You should set exactly same SECRET on all machines or by having smtproute configured for that domain the srs check would get by passed ? or maybe point srs.YOURDOMAIN mx record to the machine used for sending ? (if you got a few ... ?) Just wondering on the good setup in that kind of situation Thx -P - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] SRS with multi frontend smtp
Hi yes was thinking doing something similiar My concern is more the return bounced message, the outgoing signing process is trivial The setup I wanna add SRS support is 1 machine running a qtoaster based system, holding the real users, machine used by the same users to send emails.. Then there are 3 other qtoaster machines dedicated to only do the scanning and routing of the incoming mails once scanned , emails are smtprouted to that box mentioned previously I was wondering how the srs process handles that situation If you only set srs on the box with the real users and the mx to that same box .. it should work I was wondering if setting it aswell on the filtering machines could change its behavior I didnt find any infos on that sort of setup. On anothe note , a new version of the patch has been released http://opensource.mco2.net/download/qmail/qmail-srs-0.5.patch 2007-01-11 (0.5): * Added parameters srs_separator and srs_alwaysrewrite from libsrs2. just for the info :) Erik Espinoza wrote: Philip, I don't know how you have everything configured, so I can't tell you how to run your infrastructure. As far as multiple entries, I'd recommend doing srs1.yourdomain.com for the first box, srs2.yourdomain.com and srs3 and so forth. Unless they are running in a clustered configuration. Thanks, Erik On 1/27/07, Philip Nix Guru [EMAIL PROTECTED] wrote: Forgot one thing :) the srs.yourdoamin MX record should point to the server hosting the real users or it can point to the MX with the lower priorities ? and can you set as many MX entries as you want ? Thx again for the help Cheers -P Erik Espinoza wrote: Hey Phil, Set SRS on the machine that has real users. If both machines have real users, set SRS up on both. Don't use the same srs_domain/srs_secret unless both machines are running in a clustered config. Erik On 1/27/07, Philip Nix Guru [EMAIL PROTECTED] wrote: Hello I was just thinking If you have lets say a couple of frontend smtp servers filtering emails before delivering (smtproute) to some other qtoaster machines holding your mailboxes. How would you implement SRS ? If you send an email with machine B (where you have mailboxes and srs configured), you change your envelope sender address of your outgoing message and if then the email gets bounced but goes through another smtp (frontend), machine A (the filtering machine) . How would that work ? You should set exactly same SECRET on all machines or by having smtproute configured for that domain the srs check would get by passed ? or maybe point srs.YOURDOMAIN mx record to the machine used for sending ? (if you got a few ... ?) Just wondering on the good setup in that kind of situation Thx -P - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] SRS with multi frontend smtp
Hey Phil, Sounds like you have the following config: real box - 3 scanners - Internet If this is correct, then only the real box needs srs setup. As far as the latest srs patch, we're already including it on the devel site. Marcelo and I are in communication about srs status. Erik On 1/27/07, Philip Nix Guru [EMAIL PROTECTED] wrote: Hi yes was thinking doing something similiar My concern is more the return bounced message, the outgoing signing process is trivial The setup I wanna add SRS support is 1 machine running a qtoaster based system, holding the real users, machine used by the same users to send emails.. Then there are 3 other qtoaster machines dedicated to only do the scanning and routing of the incoming mails once scanned , emails are smtprouted to that box mentioned previously I was wondering how the srs process handles that situation If you only set srs on the box with the real users and the mx to that same box .. it should work I was wondering if setting it aswell on the filtering machines could change its behavior I didnt find any infos on that sort of setup. On anothe note , a new version of the patch has been released http://opensource.mco2.net/download/qmail/qmail-srs-0.5.patch 2007-01-11 (0.5): * Added parameters srs_separator and srs_alwaysrewrite from libsrs2. just for the info :) Erik Espinoza wrote: Philip, I don't know how you have everything configured, so I can't tell you how to run your infrastructure. As far as multiple entries, I'd recommend doing srs1.yourdomain.com for the first box, srs2.yourdomain.com and srs3 and so forth. Unless they are running in a clustered configuration. Thanks, Erik On 1/27/07, Philip Nix Guru [EMAIL PROTECTED] wrote: Forgot one thing :) the srs.yourdoamin MX record should point to the server hosting the real users or it can point to the MX with the lower priorities ? and can you set as many MX entries as you want ? Thx again for the help Cheers -P Erik Espinoza wrote: Hey Phil, Set SRS on the machine that has real users. If both machines have real users, set SRS up on both. Don't use the same srs_domain/srs_secret unless both machines are running in a clustered config. Erik On 1/27/07, Philip Nix Guru [EMAIL PROTECTED] wrote: Hello I was just thinking If you have lets say a couple of frontend smtp servers filtering emails before delivering (smtproute) to some other qtoaster machines holding your mailboxes. How would you implement SRS ? If you send an email with machine B (where you have mailboxes and srs configured), you change your envelope sender address of your outgoing message and if then the email gets bounced but goes through another smtp (frontend), machine A (the filtering machine) . How would that work ? You should set exactly same SECRET on all machines or by having smtproute configured for that domain the srs check would get by passed ? or maybe point srs.YOURDOMAIN mx record to the machine used for sending ? (if you got a few ... ?) Just wondering on the good setup in that kind of situation Thx -P - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] SRS with multi frontend smtp
Actually it is more : incoming : internet - scanners - real box if all scanners are down, internet - real box (lowest mx priority) outgoing : realbox - internet(on that setup, customers email arent scanned, we trust them in a way :) ) For instance with spf , all 4 servers can check if the sender's domain complies with the domain's stated policy. so mail can be dropped/ rejected by the scanners. I was wondering if srs could somehow drop a bounced message at the scanners level in that setup. Just curious .. couldnt find much infos about it Have a nice evening Erik and thx for the infos .. Erik Espinoza wrote: Hey Phil, Sounds like you have the following config: real box - 3 scanners - Internet If this is correct, then only the real box needs srs setup. As far as the latest srs patch, we're already including it on the devel site. Marcelo and I are in communication about srs status. Erik On 1/27/07, Philip Nix Guru [EMAIL PROTECTED] wrote: Hi yes was thinking doing something similiar My concern is more the return bounced message, the outgoing signing process is trivial The setup I wanna add SRS support is 1 machine running a qtoaster based system, holding the real users, machine used by the same users to send emails.. Then there are 3 other qtoaster machines dedicated to only do the scanning and routing of the incoming mails once scanned , emails are smtprouted to that box mentioned previously I was wondering how the srs process handles that situation If you only set srs on the box with the real users and the mx to that same box .. it should work I was wondering if setting it aswell on the filtering machines could change its behavior I didnt find any infos on that sort of setup. On anothe note , a new version of the patch has been released http://opensource.mco2.net/download/qmail/qmail-srs-0.5.patch 2007-01-11 (0.5): * Added parameters srs_separator and srs_alwaysrewrite from libsrs2. just for the info :) Erik Espinoza wrote: Philip, I don't know how you have everything configured, so I can't tell you how to run your infrastructure. As far as multiple entries, I'd recommend doing srs1.yourdomain.com for the first box, srs2.yourdomain.com and srs3 and so forth. Unless they are running in a clustered configuration. Thanks, Erik On 1/27/07, Philip Nix Guru [EMAIL PROTECTED] wrote: Forgot one thing :) the srs.yourdoamin MX record should point to the server hosting the real users or it can point to the MX with the lower priorities ? and can you set as many MX entries as you want ? Thx again for the help Cheers -P Erik Espinoza wrote: Hey Phil, Set SRS on the machine that has real users. If both machines have real users, set SRS up on both. Don't use the same srs_domain/srs_secret unless both machines are running in a clustered config. Erik On 1/27/07, Philip Nix Guru [EMAIL PROTECTED] wrote: Hello I was just thinking If you have lets say a couple of frontend smtp servers filtering emails before delivering (smtproute) to some other qtoaster machines holding your mailboxes. How would you implement SRS ? If you send an email with machine B (where you have mailboxes and srs configured), you change your envelope sender address of your outgoing message and if then the email gets bounced but goes through another smtp (frontend), machine A (the filtering machine) . How would that work ? You should set exactly same SECRET on all machines or by having smtproute configured for that domain the srs check would get by passed ? or maybe point srs.YOURDOMAIN mx record to the machine used for sending ? (if you got a few ... ?) Just wondering on the good setup in that kind of situation Thx -P - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] SRS with multi frontend smtp
SRS is just a rewriting scheme. It has no pass/fail, just rewrite conditions. No need to worry about rejectoins Erik On 1/27/07, Philip Nix Guru [EMAIL PROTECTED] wrote: Actually it is more : incoming : internet - scanners - real box if all scanners are down, internet - real box (lowest mx priority) outgoing : realbox - internet(on that setup, customers email arent scanned, we trust them in a way :) ) For instance with spf , all 4 servers can check if the sender's domain complies with the domain's stated policy. so mail can be dropped/ rejected by the scanners. I was wondering if srs could somehow drop a bounced message at the scanners level in that setup. Just curious .. couldnt find much infos about it Have a nice evening Erik and thx for the infos .. Erik Espinoza wrote: Hey Phil, Sounds like you have the following config: real box - 3 scanners - Internet If this is correct, then only the real box needs srs setup. As far as the latest srs patch, we're already including it on the devel site. Marcelo and I are in communication about srs status. Erik On 1/27/07, Philip Nix Guru [EMAIL PROTECTED] wrote: Hi yes was thinking doing something similiar My concern is more the return bounced message, the outgoing signing process is trivial The setup I wanna add SRS support is 1 machine running a qtoaster based system, holding the real users, machine used by the same users to send emails.. Then there are 3 other qtoaster machines dedicated to only do the scanning and routing of the incoming mails once scanned , emails are smtprouted to that box mentioned previously I was wondering how the srs process handles that situation If you only set srs on the box with the real users and the mx to that same box .. it should work I was wondering if setting it aswell on the filtering machines could change its behavior I didnt find any infos on that sort of setup. On anothe note , a new version of the patch has been released http://opensource.mco2.net/download/qmail/qmail-srs-0.5.patch 2007-01-11 (0.5): * Added parameters srs_separator and srs_alwaysrewrite from libsrs2. just for the info :) Erik Espinoza wrote: Philip, I don't know how you have everything configured, so I can't tell you how to run your infrastructure. As far as multiple entries, I'd recommend doing srs1.yourdomain.com for the first box, srs2.yourdomain.com and srs3 and so forth. Unless they are running in a clustered configuration. Thanks, Erik On 1/27/07, Philip Nix Guru [EMAIL PROTECTED] wrote: Forgot one thing :) the srs.yourdoamin MX record should point to the server hosting the real users or it can point to the MX with the lower priorities ? and can you set as many MX entries as you want ? Thx again for the help Cheers -P Erik Espinoza wrote: Hey Phil, Set SRS on the machine that has real users. If both machines have real users, set SRS up on both. Don't use the same srs_domain/srs_secret unless both machines are running in a clustered config. Erik On 1/27/07, Philip Nix Guru [EMAIL PROTECTED] wrote: Hello I was just thinking If you have lets say a couple of frontend smtp servers filtering emails before delivering (smtproute) to some other qtoaster machines holding your mailboxes. How would you implement SRS ? If you send an email with machine B (where you have mailboxes and srs configured), you change your envelope sender address of your outgoing message and if then the email gets bounced but goes through another smtp (frontend), machine A (the filtering machine) . How would that work ? You should set exactly same SECRET on all machines or by having smtproute configured for that domain the srs check would get by passed ? or maybe point srs.YOURDOMAIN mx record to the machine used for sending ? (if you got a few ... ?) Just wondering on the good setup in that kind of situation Thx -P - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]