[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

[LI] setting up / migrating accts across mailservers

To: Linux India <linux-india@xxxxxxxxxxxxxxxxxxxxx>
Subject: [LI] setting up / migrating accts across mailservers
From: "Suresh Ramasubramanian" <Suresh@xxxxxxxxxxx>
Date: Tue, 23 Nov 1999 19:50:22 +0530
Organization: KCircle [ http://www.kcircle.com ]
Reply-to: linux-india
Sender: owner-linux-india@xxxxxxxxxxxxxxxxxxxxx

This might be of interest - someone posted a query re maintaining a 
single mailbox across mailservers on the LI list.  This might be of 
help if security holes are not to exist.

--- start fwd ---

Basically, I had the old server configured for anti-relay.  This is the 
same server with about 100 virtual web addresses on it so it has a 
LOT of visible IP addresses.   No problems with spam relay there, 
except for an occasional downstream customer with an open relay 
which we would work with on a case by case basis.  

When I moved to the new server, It got a new address.   As an 
interim measure, I installed plugd and redirected all smtp and pop3 
connections to the new box.  This made all the smtp connections 
look like they came from the old server, which is a trusted host for 
relay purposes.  Thus I had an open relay.  

Within 2-3 business days I had some spammers find me for relay 
purposes.  

My solution?

Instead of using plugd, I enabled transparent proxy support for 
smtp in the new mail server (so It would snarf any traffic towards 
the smtp port and eat it as if it was going to it).  Then I went over to 
our core router and enabled a route-map to redirect SMTP traffic 
bound for our key machines (and also downstream open relay 
problems) to our server.  

That way, ALL inbound mail connections for machines I select go to 
this server.   If I have a downstream with a problem, I can now 
"proxy redirect" their mail to me for anti-relay purposes.  

--- end fwd ---



Suresh Ramasubramanian
106D, Aditya Enclave, Ameerpet, Hyderabad 500038, India.
Phone: +(91-40)3736553/3745398 | eFax: +(1-603)590-5437
Suresh@xxxxxxxxxxx | Suresh@xxxxxxxx
http://www.kcircle.com | http://www.angen.net/~pegasus/
    Make it idiot proof and someone will make a better idiot.

--------------------------------------------------------------------
The Linux India Mailing List Archives are now available.  Please search
the archive at http://lists.linux-india.org/ before posting your question
to avoid repetition and save bandwidth.

Prev by Subject: Re: [LI] server needed for web hosting
Next by Subject: [LI] Setting up a server
Previous by thread: [LI] Dial in Server
Next by thread: [LI] SiS 6202 partly working
Index(es):
- Subject
- Thread