Email Server Solution
Ugo Bellavance
ugob at camo-route.com
Thu Jul 28 16:06:18 UTC 2005
Steve Buehler wrote:
> I had to resend this because the list software didn't like the
> Subject. Anyway, here is the email.
> We are running multiple RedHat boxes. Anywhere from 7.3 to RHEL ES
> 4. Each server has between 1 and 300 sites on them. I am trying to
> find out a solution to a problem that we are having with AOL and RBL's.
> We have come to the conclusion that we will need another server just for
> email. That defeats the purpose of our Ensim Control panel that we use
> since it isn't set up to allow for multiple servers to separate out the
> email.
> To get blocked, all it seems to take is one client that has a virus
> on his computer sending out through his email account and our whole
> server gets blocked because all sites email always goes out from the
> main servers IP address, not the IP address of there domain/account. It
> would be nice if email would appear to come from the IP of the domain
> and not the IP of the server itself. That way we could at least narrow
> down which domain is causing the problems.
> All of our servers that we have are dual processor XEON's with 2 gig
> of memory and SATA or SCSI drives, usually in RAID configurations. If
> we try running SpamAssassin and a Virus Scanner on the servers for the
> email, it slows the servers down to a crawl at times. I know there are
> providers that aren't having this kind of problems. We would like to
> have ONE control panel where the customer can administer there sites
> including email. That will mean that we will have to get rid of the
> Ensim Control panel because it will not allow for administering sites
> and email if the they are on different servers. Only two of our servers
> uses the Ensim Control panel for clients. The other servers don't have
> control panels but we still can't run SpamAssassin and/or a Virus
> Scanner on them for the email because it just slows the he** out of them.
> We don't allow spammers on our systems and greatly hinder the
> ability to have mailing lists. We allow them, but we check out to make
> sure they are double opt in and we know most of our clients personally.
> The latest block from AOL is from a server that doesn't even send out
> email because the program for the store that is on there is not
> completely written yet and the email part is not even started yet.
> Apparently from what we can gather is that a spammer is using the ONLY
> domain name that is on it as a return address. I have even shut off
> email programs on it completely just to make sure. It has not been
> hacked that we can see and all of our servers can only be SSH'd into
> from 2 IP addresses. Telnet is turned off. I don't allow any client to
> ever SSH into their accounts. I won't even give the bosses and owners
> the root password or access to them for SSH. All IP's but 2 are blocked
> at the main firewall and the firewall that is on each system. It is not
> impossible that one of our servers where hacked, but it is very very
> unlikely especially for the one that has the incomplete store software
> on it and no other sites. I do realize that being blocked because of a
> spammer that is using one of our domains for a return address is
> something that we can't do anything about.
> Any help and suggestions would be greatly appreciated.
>
> Thank You and Vote for the Death Penalty at your next election for
> anyone who is caught Spamming.
> Steve
>
My suggestion would be to have 2 or more servers running MailScanner +
SpamAssassin in front of all your servers. Have incoming and outgoing
e-mails going through it. MailScanner will process the mail, then
deliver to the right server, depending on the domain.
There is a way to have the management interface for MailScanner
(MailWatch) centralized (one interface for all servers) for a small fee.
You can contact me offlist or have a look at the MailScanner mailing
list if you'd like to have more info.
Regards,
--
Ugo
-> Please don't send a copy of your reply by e-mail. I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the
irrelevant parts in your replies.
More information about the redhat-list
mailing list