Subject: Re: OT sendmail delay
Tim
Thanks for the reply...

On Fri, 2006-10-06 at 10:57 +0100, bryan@xxxxxxxxxxx wrote:
Thanks for your reply to this. When I was doing further checks I found
that it was also failing reverse dns look ups. So I bit the bullet and
started to learn about dns. Would you have any advice to offer as to
best practice for this?

Get it working internally, first, and be certain you're familiar with it
(your server, and DNS records in general) before you move beyond
internal DNS serving.

I was thinking that we need an internal dns server to keep sendmail
happy with all the internal people that use it to send out email.
Sendmail isn't currently taking mail in yet directly. That's taken from
the box that's hosted at the ISP and brought in by fetchmail. Long term
this was going to change and the MX record externally (at the ISP) was
going to point to our adsl router.

First advice: Before setting yourself up with a SMTP server accepting
input from the public, learn about spam control. Once you start
handling your own mail, you've also got to deal with all the spam that
someone else would have been managing for you. You have to learn how to
kill it properly, not get exploited, and not get blacklisted.

The mailserver currently runs spamassassin, and testing with smtp auth and
starttls also works. This was a requirement for getting port 25 opened by
the isp. I've read about grey listing. Is there anything else you would
recommend?

For internal networking, it probably is easier to have a local DNS
server that takes care of address resolution (easier than maintaining
hosts files, etc.). But be careful how you organise your internal mail
if you want users to be able to post to the outside world using the same
e-mail addresses. You won't be able to post from a domain name that's
not recognised outside your LAN. There's nothing stopping you from
having different responses to domain names inside and outside of your
LAN (i.e. using a public domain name, inside and out, but inside your
machines all have internal LAN IP addresses, for internal work, outside
your domain has a real internet IP address for mail checks, etc.).

Everything that goes out is masqueraded as coxagri.com. It goes out to the
smarthost at the ISP currently. My test ones made it out of the system OK to
an external address. Is there anything else to be aware of?

Thanks
Bryan
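
An added example, not part of the original messages: a forward-confirmed reverse DNS check for the reverse-lookup failures mentioned above, reporting for each client IP whether a PTR record exists and whether that name resolves back to the same address. The sample records, `example.com` names and RFC 1918 addresses are constructed placeholders, and the check is IPv4-only because it relies on `socket.gethostbyname_ex`.

```python
import socket
import sys

def fcrdns(ip, reverse=socket.gethostbyaddr, forward=socket.gethostbyname_ex):
    """Forward-confirmed reverse DNS for one IPv4 address.

    Returns (status, name); status is 'ok', 'mismatch', 'no-forward' or 'no-ptr'.
    """
    try:
        name, aliases, _ = reverse(ip)        # PTR lookup
    except OSError:                           # socket.herror / socket.gaierror
        return ("no-ptr", None)
    resolved_any = False
    for candidate in [name, *aliases]:
        try:
            addrs = forward(candidate)[2]     # A lookup on the PTR name
        except OSError:
            continue
        resolved_any = True
        if ip in addrs:
            return ("ok", candidate)
    return ("mismatch" if resolved_any else "no-forward", name)

# Constructed sample records (RFC 1918 addresses, example.com placeholder
# names) standing in for an internal DNS view; not data from the thread.
SAMPLE_PTR = {"192.168.1.10": "mail.example.com",
              "192.168.1.20": "pc20.example.com",
              "192.168.1.30": "pc30.example.com"}
SAMPLE_A = {"mail.example.com": ["192.168.1.10"],
            "pc20.example.com": ["192.168.1.21"]}   # stale A record

def sample_reverse(ip):
    if ip not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return SAMPLE_PTR[ip], [], [ip]

def sample_forward(name):
    if name not in SAMPLE_A:
        raise socket.gaierror(-2, "Name or service not known")
    return name, [], SAMPLE_A[name]

if __name__ == "__main__":
    if sys.argv[1:]:   # real lookups through the system resolver
        results = {ip: fcrdns(ip) for ip in sys.argv[1:]}
    else:              # offline run on the constructed records
        ips = [*SAMPLE_PTR, "192.168.1.40"]
        results = {ip: fcrdns(ip, sample_reverse, sample_forward) for ip in ips}
    for ip, (status, name) in results.items():
        print(f"{ip:15} {status:10} {name or '-'}")
```

Run with client IP addresses as arguments to query the system resolver, or with no arguments to see the four outcomes on the constructed records.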