EFA Super-Beginner


Post by sfidencio »

Good afternoon friends, implemented EFA, did a deployment of OVF in My VMware Infrastructure ESX, Working THIS, not yet, not hit as e-mail forwarding settings, the What should pass a paragraph Responsibility EFA My e Server -mail Zimbra And 8.5+. My topology is currently organized as follows:

1. Iptables edge firewall in Linux Suse, with the external network interface configured with aliases dedicated to answer email requests. However, the mail server is with invalid ip inside the DMZ, running with DNS-SPLIT.


2. What should I do, put my DNS-Bind, which is running on my firewall, changing the MX record for the new IP EFA?


3. Currently I do destination NAT for all traffic coming into the MTA, the ports 25, 110, 995 and etc, that traffic should be sent now to the EFA? For I brought these changes, the EFA I monitor the log file with tail -f /var/log/maillog, I realize that when sending gmail email for my domain he arrives in EFA, but not enough in Zimbra, which can be ?



Att

Post by pdwalker »

I assume English is not your first language and you used some online translator? If so, could you post the original message in your original language as well? One of us might understand it better than the automatic translation.

If I am translating the translation correctly, this is your current configuration:

firewall <-> zimbra

and you want to do this:

firewall <-> efa <-> zimbra

Is that correct?

Post by sfidencio »

Good morning pdwalker, sorry for the bad translation. Do you speak Brazilian Portuguese?

I do in fact want this configuration:

firewall <-> efa <-> zimbra


But I am not receiving the e-mails in Zimbra, and I don't know why. This is my CURRENT dns-bind configuration:

@ IN MX 0 mail.dugregorio.com.br.

now it is:

@ IN MX 0 efa.dugregorio.com.br.



The question is, does anything change in my redirection (rdr)? Will I have to redirect (rdr) the inbound traffic on ports 25, 110, 995, 993 to the new EFA server?

Post by pdwalker »

No, my Brazilian Portuguese is very bad, but I can play with the online translators and get a better translation.

Your problem should be simple to solve.

Give me 10 more minutes to write down my explanation (in English :D )

Post by pdwalker »

Your original configuration:

FW <-> ZIMBRA
  1. mail.dugregorio.com.br originally had a public ip that points to FW
  2. FW used NAT mapping to map the ports (25, 110, 995, etc) to ZIMBRA.
This configuration works.

Your new configuration for incoming and outgoing mail is:

FW <-> EFA <-> ZIMBRA

To make this work, you need only to make a couple of small changes:
  1. NAT map port 25 from FW to point to EFA, not ZIMBRA
  2. configure ZIMBRA to use EFA as a "smarthost" rather than ZIMBRA sending the mail itself
  3. configure EFA to relay mail for your domain. The instructions are here
Here is an example. Assuming this configuration:
  • FW = public ip address = x.x.x.x
  • ZIMBRA = private ip address 192.168.1.1
  • EFA = private ip address = 192.168.1.100
Then your DNS would be unchanged:
  • mail.dugregorio.com.br A x.x.x.x
  • dugregorio.com.br mx 0 mail.dugregorio.com.br
Your firewall would change the NAT mapping for port 25 from 192.168.1.1 (ZIMBRA) to 192.168.1.100 (EFA).

You do not need to change your POP port mapping because ZIMBRA provides that service, not EFA.

Now in the EFA configuration, you need to tell EFA to send mail for dugregorio.com.br to the ZIMBRA server (192.168.1.1).

Your EFA configuration will look like:
1) dugregorio.com.br 192.168.1.1

Now EFA will receive the mail and EFA will know where to send the mail after it has been processed (to ZIMBRA).

As for configuring ZIMBRA, I am not familiar with the program. If ZIMBRA can send mail now, you don't actually have to change anything. However, I recommend that you use EFA to send mail as well.

example:
> = incoming mail
< = outgoing mail

incoming mail, processed by efa
internet > fw > efa > zimbra

outgoing mail, not processed by efa
internet < fw < zimbra

(preferred) outgoing mail, processed by efa as "smarthost" for zimbra
internet < fw < efa < zimbra

Does this make more sense now? (I hope this translates)

Post by sfidencio »

Dear pdwalker, the settings you gave me were really of great value. As for outgoing e-mail, I set it up using "smarthost" instead of letting Zimbra itself do the "relay". Otherwise it is working so far. What is actually puzzling me is the "greylist": it is blocking some e-mails that it should not block, which are in fact trustworthy. Even when I release them, the MTA does not deliver them; that is, do they have to be sent again? Aren't they kept in EFA's "mailbox"?

Post by pdwalker »

I think the greylisting is ok.

Greylisting will cause the mail to be delayed, not blocked. This is normal.

A good mail program will resend the mail. A bad spammer program will not.

When the good mail server resends the mail, the greylisting program will "learn" that the sending mail server is "ok" and will not delay the mail in the future.

You can test this yourself. Send mail from another domain. Watch the log files and see that the greylisting program will ask the sending mailserver to delay the mail.

After you receive the mail, send another message from the same account. You should see that the mail comes straight in, without delay. If so, it means the greylisting is working properly.
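
The greylisting behaviour described in this thread, as an added example that is not part of the original posts and is not EFA's own code: a simplified model of the decision a greylisting filter makes for each delivery attempt. The 300-second delay, the rule of learning a source by client IP plus sender domain, and all sample addresses are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

MIN_DELAY = 300  # seconds a new triplet must wait before a retry is accepted (assumed)


@dataclass
class Greylist:
    pending: dict = field(default_factory=dict)   # triplet -> time first seen
    known_good: set = field(default_factory=set)  # (client_ip, sender_domain)

    def check(self, now, client_ip, sender, recipient):
        """Return the SMTP reply given to one delivery attempt."""
        source = (client_ip, sender.rsplit("@", 1)[-1].lower())
        if source in self.known_good:
            return "250 accepted (source already learned)"
        triplet = (client_ip, sender.lower(), recipient.lower())
        first_seen = self.pending.setdefault(triplet, now)
        if now - first_seen < MIN_DELAY:
            # Temporary failure: the message stays in the SENDER's queue.
            return "450 greylisted, try again later"
        # The sender came back after the delay, as a real MTA does.
        del self.pending[triplet]
        self.known_good.add(source)
        return "250 accepted (retry passed greylisting)"


def replay(events):
    """Run (time, ip, sender, recipient) attempts through one fresh greylist."""
    gl = Greylist()
    return [gl.check(*e).split()[0] for e in events]


# Constructed delivery attempts (documentation IP ranges, example.* senders).
GOOD_MTA = [
    (0,    "192.0.2.10", "alice@example.org", "user@dugregorio.com.br"),  # first contact
    (60,   "192.0.2.10", "alice@example.org", "user@dugregorio.com.br"),  # retried too soon
    (900,  "192.0.2.10", "alice@example.org", "user@dugregorio.com.br"),  # normal queue retry
    (1000, "192.0.2.10", "alice@example.org", "user@dugregorio.com.br"),  # second message
]
SPAM_BOT = [
    (0, "198.51.100.7", "x1@example.net", "user@dugregorio.com.br"),  # sent once, never retried
    (5, "198.51.100.7", "x2@example.net", "user@dugregorio.com.br"),  # new forged sender
]

if __name__ == "__main__":
    print("good MTA:", replay(GOOD_MTA))
    print("spam bot:", replay(SPAM_BOT))
```

A 450 reply is a temporary rejection at SMTP time, so nothing is held on the filtering host during the delay; delivery depends on the sending server retrying from its own queue.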