SMTP Mail forwarding instead of MX?

[beddo]

Hi folks,
I'm asking about something which Cpanel doesn't do by default (that I can see) but would be a very good feature as far as I am concerned.

For mail hosting at the moment, Cpanel provides two options:

1) Accept the mail on the server and hold for POP/IMAP collection
2) Set the MX record to point somewhere else.

I used to work for an ISP who provided a different form of mail hosting. This option means that mail comes into the server. An attempt is then made to forward the message on to the destination IP address, if this fails it is held for retry. In the case of the provider I worked for, retries would ocurr at fixed intervals or when the customer issued a finger request from the destination IP address.

This has the advantage of putting the messages through spam and antivirus filtering, and also that messages aren't rejected if the customer's ADSL goes down.

So is this option available in CPanel? If not has anyone developed a solution to set this up?

[VISL]

This is something I am looking to do but haven't a clue how to do it

[mtindor]

Some would call that "ETRN" - especially old Sendmail folks. It's nice in theory, but unless your spam filtering MX knows the actual email accounts that exist on the destination server, it has to accept ALL mail for that domain (legitimate, nonlegitimate, specifically addressed and nonexistent alike). As soon as somebody sends a gazillion messages to every guessible name @domain, the server suddenly dies because of the extreme load - again because it has to accept mail for ALL email addresses (existent or not) and then try to forward them.

Your scenario would mean:
I could send 20,000 messages to a combination of email addresses @domain.com (none of which exist) - the server would have to accept them all, spam-process all of them, then try to forward them to the recipient mail server. If the recipient mail server is down, your mail spool gets HUGE and your machine dies (if it hasn't already died from the spam processing). If your server then sends the mail to the recipient server and only 1 out of the 20,000 email addresses is a valid email address, the recipient mail server rejects the messages, forcing your system to generate bounce messages back to the 19,999 senders (most likely forged).

So you have HUGE spam processing load, HUGE amounts of spam to nonexistent email addresses which have to get processed, HUGE numbers of bounces, blacklisted MX, etc., etc.

ETRN was smart 15 years ago - but times have changed. The only way you shoudl attempt to have a 'backup' MX is if the backup MX truly knows of the existence of ALL email accounts on the recipient server so that it can properly reject incoming email send to nonexistent_addresses@recipient_domain.com.

Mike

[beddo]

That's the beast, I'd forgotten everything about what it was called except the name of the server it used to run on. To be honest, the majority of domains on our server don't receive a silly enough amount of traffic to cause problems. Infact the ones that are currently in need of this service except all mail to a catchall to be collected via an exchange pop3 collector or equivalent so they would be subject to exactly the same issues.

Its worth bearing in mind for heavy traffic domains but it would still be an extremely useful tool so I'll look into it if I actually get a few spare minutes sometime soon!

[chirpy]

You can use an exim smart router to do this very easily:

http://forums.cpanel.net/showthread.php?t=18201

[SageBrian]

Its worth bearing in mind for heavy traffic domains but it would still be an extremely useful tool so I'll look into it if I actually get a few spare minutes sometime soon!

ANY domain can get hit with a wave of spam. It doesn't matter if they usually get only 2 emails a day. Spammers don't care.
They simply go through a list of domain names, and send a dictionary attack sending emails to every name that has ever existed since dinosaurs were around.

If you haven't been hit by one yet, you are either lucky, or you have settings to prevent a dictionary attack.

As for catch-all mailboxes, there's enough written about how bad they are.
For those accounts that need to use their exchange server, but want the benefit of the spam filtering, I have them use the POP3 retrieval, but then I also have them setup up forwards for each mailbox they have in exchange. This allows my server to reject any misaddressed emails.

[mtindor]

That's the beast, I'd forgotten everything about what it was called except the name of the server it used to run on. To be honest, the majority of domains on our server don't receive a silly enough amount of traffic to cause problems. Infact the ones that are currently in need of this service except all mail to a catchall to be collected via an exchange pop3 collector or equivalent so they would be subject to exactly the same issues.

Its worth bearing in mind for heavy traffic domains but it would still be an extremely useful tool so I'll look into it if I actually get a few spare minutes sometime soon!

Just so you know - When we have a customer who absolutely needs to use us as the primary MX but they are using a local mail server on their LAN, if they want to have a catchall alias we forbid it.

Instead, we tell them - set up one POP3 account, and then set up a forwarder for each valid email account you want to receive email for and forward it to the POP3 account. This way our servers still only have to accept mail for valid addresses.

Of course, we also notify them that if they add or remove email addresses on their Exchange server (or whatever mail server they are using on their LAN), then they need to also add or remove the corresponding email address on our server.

Mike

[mtindor]

As for catch-all mailboxes, there's enough written about how bad they are.
For those accounts that need to use their exchange server, but want the benefit of the spam filtering, I have them use the POP3 retrieval, but then I also have them setup up forwards for each mailbox they have in exchange. This allows my server to reject any misaddressed emails.

Exactly... I posted my last response before I read yours, so I ended up repeating what you said... This definitely works well enough, if one must do it at all.

Mike

[SageBrian]

Exactly... I posted my last response before I read yours, so I ended up repeating what you said... This definitely works well enough, if one must do it at all.

Mike

Yes. But you wrote it so much betterer.