Need Advice; 3 NIC's; High Volume Mail Server; Sendmail; Iptables?

Killer Bassist · 11-29-2005, 05:35 PM

Good day

Hello again to the linux questions community.
I am seeking advice as to how I should set up a High Volume Mail Server with sendmail. The unit has 3 Intel 1000 Pro NIC's that I have already set up, and are working fine as far as connectivity is concerned. Two of them have static addresses, and one (that I use for administrative duties only) is DHCP. Perhaps in the future I'll set it up as a failsafe device.

Here is the desired outcome. I would like to set up the machine so one of the NIC's exclusively sends mail to the outside relay. I dont want it to accept any traffic aside from whatever is needed for reverse dns lookups (if any?). The second NIC I would like to accept incoming SMTP connections.

I have already put a line in my .mc reading

Code:

DAEMON_OPTIONS(`Port=smtp,Addr=IP_ADDR, Name=MTA')dnl

If I am not mistaken, this will tell sendmail to only listen on the one adapter for smtp connections. To limit the connectivity on the other device, should I use IPTables? Any advice? An alternate suggestion on how I should set up this system? Is it sendmail that stipulates the outgoing device, or is it another daemon of sorts?

Any advice that you are willing to give, I'll listen to.

Thanks, Dylan

XOR007 · 12-02-2005, 02:02 PM

U R on track : DAEMON_OPTIONS(`Port=smtp,Addr=IP_TO_LISTEN_ON, Name=MTA')dnl should B enough. But if I were U I would drop port 25 traffic on the other eths using iptables. Good luck!

Killer Bassist · 12-02-2005, 03:33 PM

Thanks a bundle =D

XOR007 · 12-04-2005, 11:40 PM

Quote:

Originally Posted by Killer Bassist

Good day

... Two of them have static addresses, and one (that I use for administrative duties only) is DHCP...

...
I have already put a line in my .mc reading

Code:

DAEMON_OPTIONS(`Port=smtp,Addr=IP_ADDR, Name=MTA')dnl

If I am not mistaken, this will tell sendmail to only listen on the one adapter for smtp connections...

Since you are talking about a high volume mail server, notice that if the two static addresses are public and reachable through a router, the DAEMON_OPTIONS line almost changes nothing. The DAEMON_OPTIONS line only tells sendmail to handle packets that have destination address IP_ADDR only.

Also remember to restrict relaying through the /etc/mail/access.

Quote:

To limit the connectivity on the other device, should I use IPTables? Any advice? An alternate suggestion on how I should set up this system? Is it sendmail that stipulates the outgoing device, or is it another daemon of sorts?

Any advice that you are willing to give, I'll listen to.

Thanks, Dylan

Do you have multiple routes to the internet with bandwith constraints?

Routing of any internet protocol traffic is done by the kernel, more precisely netfilter. Which you can administrate through iptables.

You can never say it to much: an open relay will not last a few hours on the internet before being suspended by the ISP for abuse.

Good luck