smtp help

michael kalinowski · ‎02-02-2008

Not sure if this is the right forum for this question but here is the situation. We lease bandwidth to supply internet service to a small community in the far north. This company is going to block all outgoing smtp traffic not destined for their mail server. Rather than have all our internet customers reconfigure their email client, which would be a bit of a challenge for them, I would like configure an ACL on the router that handles all traffic for this site to forward all smtp traffic to the new mail server. First...is this a viable solution and second how would I go about doing this? Thanks a bunch for any assistance.

Danilo Dy · ‎02-02-2008

Hi,

You mean you have an old and new smtp server and you want all traffic to be routed to new smtp server?

Well, there are more to it than using ACL in the router to reroute traffic destined to the old smtp server to the new smtp server. Mostly this is a job of the mail administrator, proper planning and such.

To redirect all incoming mail from other domain to your domain new mail server, change the MX record with the new smtp ip address, or create a new MX record for the new smtp ip address with a higher priority than the old MX record. Don't forget to create PTR record for the new smtp server. i.e.

...from...

company.com. IN MX 10 oldsmtp.company.com.

oldsmtp.company.com. IN A 10.0.0.1

...to...

company.com. IN MX 10 oldsmtp.company.com.

oldsmtp.company.com. IN A 192.168.0.1

...or...

company.com. IN MX 5 newsmtp.company.com.

company.com. IN MX 10 oldsmtp.company.com.

newsmtp.company.com. IN A 192.168.0.1

oldsmtp.company.com. IN A 10.0.0.1

For the users, I'm not sure you can just use ACL in the router to reroute their traffic destined to the old smtp server to the new smtp server. Think about authentication and other factors between email client and mail server. User email client is configured to communicate with the mail server FQDN (not IP address), you can just change the 'A' record of the old mail server to the new mail server IP address (just make sure that their mail/account is sync). i.e.

...from...

oldsmtp.company.com. IN A 10.0.0.1

...to...

oldsmtp.company.com. IN A 192.168.0.1

I helped mail administrators to migrate mail servers - old to new (server or software/os), change of domain (company name), change of mail software (notes/exchange), change of IP address for both Lotus Notes and Microsoft Exhange, but I never encountered or being asked to create ACL to reroute traffic destined to old smtp server to new smtp server. I never say it can't be done but this is new to me.

Regards,

Dandy

michael kalinowski · ‎02-02-2008

Hi Dandy....thanks for your response. It is not exactly an old/new mail server situation. The mail server that serves these accounts is unchanged. But the company that provides us the network link to the north wants to relay all outgoing smtp traffic through their mail server to cut down on spam traffic on their network. So they are asking that all email clients be configured so that the outgoing email server points to their server. Rather than have all our clients reconfigure their email client I was thinking there must be a way to point all outgoing smtp traffic on the router to this server. Thanks again for your help.

Danilo Dy · ‎02-02-2008

Hi,

This is not new. In the old days, ISP provides Free no-SLA SMTP for their internet bandwidth subscriber. But because of the SPAM, they ask their subscriber to stop using their SMTP server. Some ISP dont even ask their subscriber, they just block them since its a Free no-SLA SMTP.

The right way is for the users to use the SMTP of their mail service provider - since they pay for it.

You can create a step-by-step guide for your users how to change the SMTP in their mail client to point to the new SMTP server and send them mail with a deadline for the change.

Most of the time we try to make any changes as trasparent as possbile to the users (because they are "users" :) ), but there are times that we can't do that and we need their cooperations. However, we have to make the change that they will do as simple as possible for them by creating a step-by-step guide with screenshots as possible (and test the guide before sending to them).

http://www.hmailserver.com is a good SMTP server (GNU)

Regards,

Dandy

michael kalinowski · ‎02-02-2008

Ok....that's what I will do then. Yes I was hoping to do something transparent. These particular users being Inuit people are relatively new to computers and internet and these things can be challenging because of the communication barriers not to mention that there is only one person to give support :-( Thanks again for your help. :-)

Danilo Dy · ‎02-02-2008

Hi,

I can understand for one support :)

If your current ISP is not blocking you or your users yet, you can plan for the change.

For example, group your users and send the guide per group of users. Send the guide first to users which you think are IT savvy and friendly :). Along the way, you can fine tune your guide.

Sending the guide to all the users at once will flood you with complains if there is something wrong with your guide :)

Regards,

Dandy

michael kalinowski · ‎02-02-2008

Good idea I'll do that......I was not given much notice. The change will take effect tomorrow midnight and I was informed of the pending change yesterday :-O