
Mailscanner and forwards

Discussion in 'E-mail Discussions' started by verdon, May 13, 2006.

  1. verdon

    Hi :)

    I have a client who wishes to use GroupWise on their own server, as well as take advantage of Mailscanner on mine. They also wanted to configure their GroupWise installation so it does not have to poll POP accounts on my server (too lazy to do it I think). I think I have things set up so they will work, but would like to ask about some of my assumptions as well as see if anyone has advice for a more elegant solution.

    What I have done is,

    1) add an A record to their zone file so that inbound.theirdomain.com points to the IP address of their Novell server. Then I added inbound.theirdomain.com to /etc/remotedomains

    2) created the POP accounts they required and a matching fwd for each POP account to fwd the account to a matching account @inbound.theirdomain.com

    3) now I need to add a cron task to periodically empty the inboxes on my server



    To me, this seems a really stupid way of doing things though. Some of the assumptions I've used in determining this strategy may be wrong though, and I'm hoping someone can clarify them for me. I may be able to simplify things if I am wrong.

    Assumption 1) If I use domain fwd'ing for their mail, they will lose all benefit of Mailscanner and Dictionary attack protection from my server? Right or wrong?

    Assumption 2) If I use just fwd's to their Novell server, and no actual mail accounts on my server, then Mailscanner will not scan the forwarded mail? Right or Wrong?


    So, in conclusion, does anyone have a suggestion for a more elegant solution? Should I just tell them, 'don't be so lazy, you're going to have to set the accounts on your Novell server to poll POP accounts on mine'? Any other thoughts?

    Thanks,
    verdon
     
  2. webignition

    You'll only need the forwarders on your server, not the pop accounts.

    MailScanner will still, I believe, deal with mail that hits your server intended for a forwarder. I believe that mail goes first through MailScanner and then to wherever it should be delivered, be that a local mailbox or forwarders.

    The only time MailScanner doesn't get involved is when you set up a mail filter. Don't ask me why!
     
  3. verdon

    Thanks webignition,

    That would definitely simplify things. I just wasn't sure and had a recollection of having read somewhere that fwd'ers would not get scanned unless there was an actual account. I was hoping I was wrong.
     
  4. RickG

    Verdon:

    That's correct ... there is no need to create the physical POP accounts if the mail is simply going to be forwarded. You can in fact have only forward accounts associated with a domain. This way you will not need to empty or delete the mailboxes.

    I have a similar scenario with a couple of clients with some POP accounts but many addresses that forward to their Exchange server. MailScanner scans all mail prior to it being forwarded and does not forward certain mail if it meets the criteria as defined in the various rulesets.

    One side note. If you have an SPF record defined in the DNS Zone for the account, make sure you have both the IP of your server AND the IP of their Exchange server listed as valid sources for outbound mail.

    The only downside to this approach is you need to keep coordinated -- make sure you have a process set up with their GroupWise administrator so you are notified whenever a new email account is set up ... otherwise you won't know to add the new forwarder.

    Rick
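
    The SPF check described in the post above, as an added example that is not part of the original thread: it evaluates a record's `ip4`/`ip6`/`all` terms and reports which required sending IPs do not get a `pass`. The records and addresses are constructed (documentation ranges), and mechanisms that need DNS (`a`, `mx`, `include`, `redirect=`) are skipped, so use it only on records that list sources by IP.

```python
import ipaddress

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_ip_result(record, ip):
    """SPF result for ip, evaluating only the ip4, ip6 and all terms."""
    addr = ipaddress.ip_address(ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if addr.version == net.version and addr in net:
                return RESULTS[qualifier]    # first matching term wins
        elif name == "all":
            return RESULTS[qualifier]
        # a, mx, include, exists, redirect= need DNS: skipped (assumption)
    return "neutral"                         # nothing matched, no "all"

def missing_sources(record, required_ips):
    """Required sending IPs that the record does not authorize with a pass."""
    return [ip for ip in required_ips if spf_ip_result(record, ip) != "pass"]

# Constructed sample data: hosting server and the client's own mail server.
HOSTING_IP = "192.0.2.10"
CLIENT_IP = "198.51.100.25"
RECORD_INCOMPLETE = "v=spf1 ip4:192.0.2.10 -all"
RECORD_COMPLETE = "v=spf1 ip4:192.0.2.10 ip4:198.51.100.25 -all"

if __name__ == "__main__":
    for rec in (RECORD_INCOMPLETE, RECORD_COMPLETE):
        print(rec, "-> missing:", missing_sources(rec, [HOSTING_IP, CLIENT_IP]))
```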
     
  5. chirpy

    I'd actually recommend using a smart router. It makes it much simpler to support - it's what we do for clients that want to use MS Exchange servers. You can then have their MX record pointing to your server, leave the domain in /etc/localdomains so that it will relay email and then set up a smart router to deliver their email directly to their GroupWise server:
    http://forums.cpanel.net/showthread.php?t=18201&highlight=smart+router
     
  6. RickG

    Jonathan:

    Thanks for posting the reference link. In following a link to the Exim site in your other post, something jumped out.

    "This causes all non-local addresses to be sent to the single host smarthost.ref.example."

    From your experience using this configuration, does this mean ...

    1) Inbound mail addressed to a "non-local" mailbox will be forwarded ... otherwise the mail is written to the user account on the (cPanel) server?

    2) If this is correct, how does the default address of :fail: come into play -- and dictionary attacks?

    Thanks -

    Rick
     
  7. verdon

    Thanks for the tip Chirpy,

    That's an interesting read. I'll have to digest it a bit to be sure I understand, but it sounds like a better solution in the long run.
     
  8. chirpy

    1. No, the non-local bit means that all inbound email (i.e. sent into the server) will be relayed through the smart router. By local, it means any email sent locally on the server (i.e. without leaving it) will be delivered locally.

    2. :fail: doesn't work without a forward lookup
     
    #8 chirpy, May 13, 2006
    Last edited: May 13, 2006