* [gentoo-user] inhouse email
From: Mark @ 2005-10-24 15:29 UTC
To: gentoo-user

Can anyone who has done it comment on the downside (if any) of bringing email in-house, as opposed to continuing to pay a hosting provider? My plan is to have a separate server, sitting by itself in the DMZ, so the internal LAN should remain relatively safe. The DSL provider we use will host the DNS records (MX). We have a top-notch firewall already in place, but this is the first step we've taken toward making anything available inbound, so I'm cautiously optimistic.

-- 
Mark
[unwieldy legal disclaimer would go here - feel free to type your own]
* Re: [gentoo-user] inhouse email
From: John Jolet @ 2005-10-24 15:36 UTC
To: gentoo-user

Two things, well several things, really. You need more than one mail server, or you need a store-and-forward MX in case your mail server goes down. Second, I'd make sure you put antivirus and spam guards on the mail server, and that it's beefy enough to handle the traffic. A good split is to put a bastion mail server doing antivirus and spam checks, but no user verification, outside the firewall (or inside a non-NATting firewall), and have it just forward everything to a secure mail server inside. Put the secure mail server on a non-routable IP, and the bastion mail server with one public IP and one non-routable IP to talk to the secure mail server. Make sure both mail servers are up-to-date and kept up to date patchwise. Run NO other services (except maybe ssh) on either server.

On Monday 24 October 2005 10:29, Mark wrote:
> Can anyone who has done it comment on the downside (if any) of bringing email in-house, as opposed to continuing to pay a hosting provider? My plan is to have a separate server, sitting by itself in the DMZ, so the internal LAN should remain relatively safe. The DSL provider we use will host the DNS records (MX). We have a top-notch firewall already in place, but this is the first step we've taken toward making anything available inbound, so I'm cautiously optimistic.
>
> --
> Mark
> [unwieldy legal disclaimer would go here - feel free to type your own]

-- 
John Jolet
Your On-Demand IT Department
512-762-0729
www.jolet.net
john@jolet.net
-- 
gentoo-user@gentoo.org mailing list
* Re: [gentoo-user] inhouse email
From: Marshal Newrock @ 2005-10-24 17:18 UTC
To: gentoo-user

On Monday 24 October 2005 11:36, John Jolet wrote:
> Two things, well several things, really. You need more than one mail server, or you need a store-and-forward mx in case your mail server goes down. Second, I'd make sure you put antivirus and spam guards on the mail server, and that it's beefy enough to handle the traffic. A good split is to put a bastion mail server doing antivirus and spam checks, but no user verification outside the firewall (or inside a non-natting firewall), and have him just forward everything to a secure mail server inside. put the secure mail server with a non-routable ip, and the bastion mail server with one public ip, and one non-routable, to talk to the secure mail server. Make sure both mail servers are up-to-date and kept up to date patchwise. Run NO other services (except maybe ssh) on either server.

I'd like to disagree with a couple of points on here.

First off, a secondary MX is not necessary. If an email can't get through due to a server being down, it will be retried and get through later when the server is up.

Second, if you are receiving email from the outside world and are not doing any user verification, you are a source of backscatter, and therefore of spam. Do not accept mail for invalid recipients. Do not have a secondary MX if you can not do recipient verification with it. Accept-and-bounce is spam.

Depending on the amount of mail received, it's not necessary to separate services to different boxes. Sending and receiving mail takes very little resources. It's the extra services, such as spam and antivirus, that require heavier hardware, again depending on your load.

You do want to make sure, though, that no outside connections are possible to any spam or virus filtering programs on the mail server.
* Re: [gentoo-user] inhouse email
From: Thomas T. Veldhouse @ 2005-10-24 19:30 UTC
To: gentoo-user

Marshal Newrock wrote:
> I'd like to disagree with a couple points on here.
>
> First off, a secondary MX is not necessary. If an email can't get through due to a server being down, it will be retried and get through later when the server is up.

That is true, if the down time is short in duration [say under three days]. However, not all servers are respectful of this downtime. The Gentoo list servers are an example of those that patronize you for being down.

Tom Veldhouse
* Re: [gentoo-user] inhouse email
From: kashani @ 2005-10-24 17:19 UTC
To: gentoo-user

John Jolet wrote:
> Two things, well several things, really. You need more than one mail server, or you need a store-and-forward mx in case your mail server goes down. Second, I'd make sure you put antivirus and spam guards on the mail server, and that it's beefy enough to handle the traffic. A good split is to put a bastion mail server doing antivirus and spam checks, but no user verification outside the firewall (or inside a non-natting firewall), and have him just forward everything to a secure mail server inside. put the secure mail server with a non-routable ip, and the bastion mail server with one public ip, and one non-routable, to talk to the secure mail server. Make sure both mail servers are up-to-date and kept up to date patchwise. Run NO other services (except maybe ssh) on either server.

I'd skip the store and forward, it does nothing for you IMHO. The default queue time on most mail servers is 5 days. That should be more than enough time to get your mail server up and running or move your mail to somewhere else. If 5 days isn't enough time to make arrangements, then having a backup MX with store and forward would add some value. However store and forward servers don't allow you to check your mail from them in most cases so we're talking about no one in the office getting their mail for 5+ days. I'd definitely make plans for an outage, but I don't see store and forward as a necessary part of disaster recovery.

Before splitting your mail up into multiple machines think about the number of users you have, the amount of mail you get, and what sort of server you have. A decent sized server can easily deal with a 50-100 person office using webmail, imap, and spam filtering. I'm sure you can find some way to shoot yourself in the foot and need more servers, but some simple planning should keep that from happening.

1. Block mail up front.
Use greylisting as it stops spam before it enters the MTA's queue. This keeps 90% of my spam from even entering the more resource intensive filtering processes.

2. Don't use blacklists.
30% false positive rate. Compared to 1-2% for Bayesian or Markovian filtering.

3. Do some simple checks up front, but don't do too many.
Require a HELO, reject invalid hostnames, reject unknown domains, reject non-FQDN, and that's pretty much it. Requiring DNS to match and other checks is something you can do, but I've found that there are too many poorly configured legitimate mail servers for this to be worth the hassle.

Protecting your mail server is good, but you need to make that decision based on how you plan to use it. I've seen offices where you had to log into the VPN in order to check your mail, much like the system John described above. I've seen others where it was out on a public IP with no protection. Personally I go for somewhere in the middle.

1. Firewall
You have one, so no problems here. Do remember that any sort of SMTP protocol inspection usually breaks SMTP AUTH so you may need to turn that off.

2. Encryption
You're not going to have all sorts of barely literate idiots using your mail server so you can configure and force all your users to use TLS with SMTP, IMAP over SSL, POP3 over SSL, and actually not run the insecure services at all.

3. Webmail and user management
I needed to support webmail and also wanted to use PostfixAdmin as the frontend to mail. PostfixAdmin allows users to change their password and set their own vacations which is all stuff I don't have to do anymore. PostfixAdmin also allows me to create users, aliases, add domains, etc. without having to deal with phpMyAdmin or writing the SQL manually in a virtual system... you might not need to get that complicated. I'm also running Horde and did some changes that allow users to change their password through there as well to keep support requests down. Running these requires Apache, mod_php, and mod_ssl if you want to force https for logins and what not. If you're small enough I'd just force https period.

I suspect that you'll need webmail or it'll just be too handy not to do. Make sure you look into some of the tuning stuff to keep it fast like imap-proxy.

kashani
* Re: [gentoo-user] inhouse email
From: Thomas T. Veldhouse @ 2005-10-24 19:35 UTC
To: gentoo-user

kashani wrote:
> 1. Block mail up front.
> Use greylisting as it stops spam before it enters the MTA's queue. This keeps 90% of my spam from even entering the more resource intensive filtering processes.

This is a very effective filter. However, it does greatly slow down delivery of legitimate email. I found it a bit of a pain. Further, there are those servers out there that respond to greylisting as a bounce, so you need to specifically configure accordingly.

> 2. Don't use blacklists
> 30% false positive rate. Compared to 1-2% for Bayesian or Markovian filtering.

I use both. As far as false positives go, I have had very few false positives ... in fact, I can not think of any. But, for a corporate setting, I would not use it, but instead leave it all to software like DSPAM or SpamAssassin.

> 3. Do some simple check up front, but don't do too many.
> Require a helo, reject invalid hostnames, reject unknown domains, reject non FQDN, and that's pretty much it. Requiring DNS to match and other checks is something you can do, but I've found that there are too many poorly configured legitimate mail servers for this to be worth the hassle.

All corporate servers should implement this IMHO ... I am always surprised how many sites out there send mail directly from webservers in a DMZ that do not have proper FQDN setup. I tend to find these upon making an order and not getting an email ... log searches reveal the problem. So, if you want maximum ability to receive email, don't enforce these rules.

Tom Veldhouse
* Re: [gentoo-user] inhouse email
From: kashani @ 2005-10-24 22:24 UTC
To: gentoo-user

Thomas T. Veldhouse wrote:
> kashani wrote:
>
>> 1. Block mail up front.
>> Use greylisting as it stops spam before it enters the MTA's queue. This keeps 90% of my spam from even entering the more resource intensive filtering processes.
>
> This is a very effective filter. However, it does greatly slow down delivery of legitimate email. I found it a bit of a pain. Further, there are those servers out there that respond to greylisting as a bounce, so you need to specifically configure accordingly.

I set mine with a time of one minute. Hardly any spam retries so the time really isn't important. However hotmail and the like often retry once every minute for the first three minutes and then attempt again fifteen minutes later. With the one minute time most people don't notice any problems.

>> 2. Don't use blacklists
>> 30% false positive rate. Compared to 1-2% for Bayesian or Markovian filtering.
>
> I use both. As far as false positive goes, I have had very few false positives ... in fact, i can not think of any. But, for a corporate setting, I would not use it, but instead leave it all to software like DSPAM or Spam Assassin.

How do you know if you've had false positives? On a personal server you might be able to tell, but in an office of fifty people you can't be sure. And according to the math for every email that ends up in your junk folder in your mail client thirty are getting bounced by your blacklist. The last straw for me was when some jackass listed a few hotmail servers. So 90% of the tests worked unless you came in from a particular set of servers. I've got better things to do than deal with someone else's spam jihad nonsense.

kashani
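The front-door checks argued over in the messages above (Marshal's "do not accept mail for invalid recipients", kashani's HELO sanity checks, and greylisting with a one-minute window) can be expressed as one Postfix SMTPD policy service. The code below is an added example, not something any poster in this thread wrote or runs. It speaks the Postfix policy delegation protocol (name=value lines, blank line, reply of `action=...`). Postfix can do the HELO and recipient checks natively (`smtpd_helo_required`, `reject_non_fqdn_helo_hostname`, `relay_recipient_maps` on a relay), so in production you would keep only the greylisting part here; the listening port, the 60-second delay, the 4-hour expiry and the recipient list are all assumptions chosen for the example.

```python
"""Postfix SMTPD policy service (policy delegation protocol) applying the
checks discussed in the thread, in order:
  1. HELO sanity: the HELO/EHLO name must look like a fully-qualified domain name
  2. recipient verification: unknown local recipients are rejected at RCPT time,
     so the bastion never accepts-and-bounces (no backscatter)
  3. greylisting on the (client IP, sender, recipient) triplet with a
     60-second retry window (kashani's "time of one minute")
The recipient table and the clock are injected so the module runs offline.
"""
import re
import socketserver
import time

# One DNS label: letters/digits/hyphens, no leading or trailing hyphen
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_FQDN_RE = re.compile(rf"^(?:{_LABEL}\.)+{_LABEL}\.?$")

GREYLIST_DELAY = 60          # seconds a first-seen triplet must wait (assumption: 1 minute)
GREYLIST_EXPIRE = 4 * 3600   # forget triplets that never retried (assumption: 4 hours)


def helo_ok(helo):
    """True iff the HELO name is a plausible FQDN: at least two labels, no address literal."""
    if not helo or len(helo) > 253:
        return False
    if helo.startswith("[") and helo.endswith("]"):
        return False  # "[192.0.2.1]" style address literal: treated as not-FQDN
    return _FQDN_RE.match(helo) is not None


def parse_request(text):
    """Parse one policy request (name=value lines, terminated by an empty line)."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


class FrontDoorPolicy:
    def __init__(self, valid_recipients, clock=time.time):
        self.valid = {r.lower() for r in valid_recipients}
        self.clock = clock
        self.seen = {}  # triplet -> timestamp of first attempt

    def decide(self, attrs):
        """Return the Postfix action string for one smtpd_access_policy request."""
        if attrs.get("request") != "smtpd_access_policy":
            return "DUNNO"
        if not helo_ok(attrs.get("helo_name", "")):
            return "REJECT HELO hostname is not a fully-qualified domain name"
        rcpt = attrs.get("recipient", "").lower()
        if rcpt not in self.valid:
            # Reject now, at RCPT time, instead of accepting and bouncing later
            return "REJECT Recipient address rejected: User unknown"
        triplet = (attrs.get("client_address", ""), attrs.get("sender", "").lower(), rcpt)
        now = self.clock()
        first = self.seen.get(triplet)
        if first is None or now - first > GREYLIST_EXPIRE:
            self.seen[triplet] = now           # first sight: ask the client to retry
            return "DEFER_IF_PERMIT Greylisted, please try again later"
        if now - first < GREYLIST_DELAY:       # retried too early: keep deferring
            return "DEFER_IF_PERMIT Greylisted, please try again later"
        return "DUNNO"                         # retried after the delay: let later rules decide


def serve(policy, host="127.0.0.1", port=10023):
    """Listen for Postfix; one request per blank-line-terminated block, connection may carry several."""
    class Handler(socketserver.StreamRequestHandler):
        def handle(self):
            while True:
                lines = []
                while True:
                    raw = self.rfile.readline()
                    if not raw:
                        return               # Postfix closed the connection
                    line = raw.decode("utf-8", "replace").rstrip("\r\n")
                    if not line:
                        break
                    lines.append(line)
                if not lines:
                    return
                action = policy.decide(parse_request("\n".join(lines)))
                self.wfile.write(f"action={action}\n\n".encode())
                self.wfile.flush()

    with socketserver.ThreadingTCPServer((host, port), Handler) as srv:
        srv.serve_forever()


if __name__ == "__main__":
    # Recipient list is a constructed example; a real deployment reads it from the inside server's table
    serve(FrontDoorPolicy(["alice@example.com", "postmaster@example.com"]))
```

Wire it in after `permit_mynetworks` in `smtpd_recipient_restrictions` (`check_policy_service inet:127.0.0.1:10023`) so your own LAN and the inside server are never greylisted. The triplet store is in-memory only; a real daemon would persist it, since a restart would make every correspondent wait another minute.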
* Re: [gentoo-user] inhouse email
From: Michael Sullivan @ 2005-10-24 15:37 UTC
To: gentoo-user

On Mon, 2005-10-24 at 11:29 -0400, Mark wrote:
> Can anyone who has done it comment on the downside (if any) of bringing email in-house, as opposed to continuing to pay a hosting provider? My plan is to have a separate server, sitting by itself in the DMZ, so the internal LAN should remain relatively safe. The DSL provider we use will host the DNS records (MX). We have a top-notch firewall already in place, but this is the first step we've taken toward making anything available inbound, so I'm cautiously optimistic.
>
> --
> Mark
> [unwieldy legal disclaimer would go here - feel free to type your own]

I have an in-house mail server. In my experience, the only problem I have with it is when our cable Internet goes out. I pay $99USD a month for cable Internet with a static IP and the cable usually goes out for a couple of hours on the weekends (grrr). Other than that I haven't really had any problems with it...
* Re: [gentoo-user] inhouse email
From: John Jolet @ 2005-10-24 15:59 UTC
To: gentoo-user

On Monday 24 October 2005 10:37, Michael Sullivan wrote:
> On Mon, 2005-10-24 at 11:29 -0400, Mark wrote:
> > Can anyone who has done it comment on the downside (if any) of bringing email in-house, as opposed to continuing to pay a hosting provider? My plan is to have a separate server, sitting by itself in the DMZ, so the internal LAN should remain relatively safe. The DSL provider we use will host the DNS records (MX). We have a top-notch firewall already in place, but this is the first step we've taken toward making anything available inbound, so I'm cautiously optimistic.
> >
> > --
> > Mark
> > [unwieldy legal disclaimer would go here - feel free to type your own]
>
> I have an in-house mail server. In my experience, the only problem I have with it is when our cable Internet goes out. I pay $99USD a month for cable Internet with a static IP and the cable usually goes out for a couple of hours on the weekends (grrr). Other than that I haven't really had any problems with it...

This might be a little off-topic, but zoneedit.com will provide a store-and-forward backup MX for like $10/year. That's what I use.

-- 
John Jolet
Your On-Demand IT Department
512-762-0729
www.jolet.net
john@jolet.net
* Re: [gentoo-user] inhouse email
From: Elliott Clark @ 2005-10-26 23:01 UTC
To: gentoo-user

John Jolet wrote:
> On Monday 24 October 2005 10:37, Michael Sullivan wrote:
>> On Mon, 2005-10-24 at 11:29 -0400, Mark wrote:
>>> Can anyone who has done it comment on the downside (if any) of bringing email in-house, as opposed to continuing to pay a hosting provider? My plan is to have a separate server, sitting by itself in the DMZ, so the internal LAN should remain relatively safe. The DSL provider we use will host the DNS records (MX). We have a top-notch firewall already in place, but this is the first step we've taken toward making anything available inbound, so I'm cautiously optimistic.
>>>
>>> --
>>> Mark
>>> [unwieldy legal disclaimer would go here - feel free to type your own]
>>
>> I have an in-house mail server. In my experience, the only problem I have with it is when our cable Internet goes out. I pay $99USD a month for cable Internet with a static IP and the cable usually goes out for a couple of hours on the weekends (grrr). Other than that I haven't really had any problems with it...
>
> this might be a little off-topic, but zoneedit.com will provide a store-and-forward backup mx for like $10/year. That's what I use.

I too have a local mail server and I came to the conclusion that I would really like an MX backup server. However I already spend too much on internet services. So what I would love to do is set up some kind of gentoo community run MX backup web. Something where users get 2 backup servers and they are a backup server for two others. However this would require some trust and a lot of programming to get a utility to create configs for all of the different mail servers out there.

I posted on the forums but didn't get any real response so looks like the flaws are too great. But the idea still kinda stands: find someone else who needs an MX server and exchange. You be their backup and they be yours.
* Re: [gentoo-user] inhouse email
From: Stroller @ 2005-10-27 0:44 UTC
To: gentoo-user

On Oct 27, 2005, at 12:01 am, Elliott Clark wrote:
> I too have a local mail server and I came to the conclusion that I would really like a mx backup server. However I already spend too much on internet services. So what I would love to do is set up some kind of gentoo community run mx backup web. Something were users get 2 backup servers and they are a backup server for two others. However this would require some trust and a lot of programing to get a utility to create configs for all of the different mail servers out there.
>
> I posted on the forums but didn't get any real response so looks like the flaws are too great. But the idea still kinda stands find someone else who needs a mx server and exchange. You be their backup and they be yours.

I posted here for DNS secondary volunteers a year or two back, and found a guy to host my secondary DNS for me. He seemed very reputable, having written computing books & being referenced in Unix mailing lists 10 years old, but he fell off the internet without telling me. According to a friend of his he's not dead, just quit all internet use completely.

From this experience I'd advise you not to trust anyone with your secondary unless you're paying them to maintain it. I have friends locally who run their own servers and although I trust them to get me home when I'm drunk, on reflection I wouldn't trust them with a favour like this. It wouldn't surprise me at all if they were just to forget they were hosting my records when they reinstalled their server, and in things like this you only find out about it when you actually NEED the backup.

$10 a year seems very cheap for such a service, IMHO - you'd spend more than that thanking your friends with beer.

Stroller.
* Re: [gentoo-user] inhouse email
From: John Jolet @ 2005-10-27 1:29 UTC
To: gentoo-user

On Oct 26, 2005, at 6:01 PM, Elliott Clark wrote:
> I too have a local mail server and I came to the conclusion that I would really like a mx backup server. However I already spend too much on internet services. So what I would love to do is set up some kind of gentoo community run mx backup web. Something were users get 2 backup servers and they are a backup server for two others. However this would require some trust and a lot of programing to get a utility to create configs for all of the different mail servers out there.
>
> I posted on the forums but didn't get any real response so looks like the flaws are too great. But the idea still kinda stands find someone else who needs a mx server and exchange. You be their backup and they be yours.

I think the liability and trust issues would make that a bit difficult. Interesting idea, though.
* Re: [gentoo-user] inhouse email
From: Jonathan Wright @ 2005-10-24 16:11 UTC
To: gentoo-user

Mark wrote:
> Can anyone who has done it comment on the downside (if any) of bringing email in-house, as opposed to continuing to pay a hosting provider? My plan is to have a separate server, sitting by itself in the DMZ, so the internal LAN should remain relatively safe. The DSL provider we use will host the DNS records (MX). We have a top-notch firewall already in place, but this is the first step we've taken toward making anything available inbound, so I'm cautiously optimistic.

Generally, most mail will sit in a queue for around 3 days before failing to deliver - but that depends on the host/server. So, the odd outage shouldn't be a problem - at least it's not with me here :)

Also, it's worth double-checking to see if your ISP will allow port 25 inwards. Some don't, and you wouldn't want to do all that work only to find nothing happening! :/

-- 
Jonathan Wright ~ mail at djnauk.co.uk
~ www.djnauk.co.uk
--
2.6.13-gentoo-r3-djnauk-b2 AMD Athlon(tm) XP 2100+
up 4:46, 1 user, load average: 0.69, 0.55, 0.50
--
"Did you hear about the Scottish drag queen? He wore pants."
~ Lynn Lavner
* Re: [gentoo-user] inhouse email
From: Digby Tarvin @ 2005-10-24 16:25 UTC
To: gentoo-user

It is easy enough to set it up and test it in parallel with your current setup. Nothing important should be directed there till you advertise it..

I have been running a mail server on my home system ever since I got my DSL connection at home. It is where I normally direct mailing list traffic and other correspondence which is non critical, because I can create dedicated aliases which all point to the same ultimate mailbox, making it easy to identify where spammers have been obtaining addresses from, and making it possible to just invalidate the affected address...

For personal mail that I want to be able to access when I am travelling I use a mail forwarding address which can be pointed at an ISP hosted POP3 mailbox (which is polled using fetchmail when I am home) or when needed can be pointed direct to my home server.

Regards,
DigbyT

On Mon, Oct 24, 2005 at 05:11:02PM +0100, Jonathan Wright wrote:
> Mark wrote:
> > Can anyone who has done it comment on the downside (if any) of bringing email in-house, as opposed to continuing to pay a hosting provider? My plan is to have a separate server, sitting by itself in the DMZ, so the internal LAN should remain relatively safe. The DSL provider we use will host the DNS records (MX). We have a top-notch firewall already in place, but this is the first step we've taken toward making anything available inbound, so I'm cautiously optimistic.
>
> Generally, most mail will sit in a queue for around 3 days before failing to deliver - but that depends on the host/server. So, the odd outage shouldn't be a problem - at least it's not with me here :)
>
> Also, it's worth double-checking to see if your ISP will allow port 25 inwards. Some don't, and you wouldn't want to do all that work only to find nothing happening! :/

-- 
Digby R. S. Tarvin
digbyt@digbyt.com
http://www.digbyt.com
* Re: [gentoo-user] inhouse email
From: Jonathan Wright @ 2005-10-24 17:08 UTC
To: gentoo-user

Digby Tarvin wrote:
> It is easy enough to set it up and test it in parallel with your current setup. Nothing important should be directed there till you advertise it..

That's fine for outgoing mail, but unless an MX record exists for the internal server on a domain/subdomain, it's difficult to 'direct' traffic from the outside in.

The only other way I can think of is to test the server using either a telnet port or a script from an off-site computer onto the new server.

> I have been running a mail server on my home system ever since I got my DSL connection at home. It is where I normally direct mailing list traffic and other correspondence which is non critical, because I can create dedicated aliases which all point to the same ultimate mailbox, making it easy to identify where spammers have been obtaining addresses from, and making it possible to just invalidate the affected address...
>
> For personal mail that I want to be able to access when I am travelling I use a mail forwarding address which can be pointed at an ISP hosted POP3 mailbox (which is polled using fetchmail when I am home) or when needed can be pointed direct to my home server.

All my e-mail comes in on my home server and has been now for ~3 years, along with my family's for the last year or so now that multiple domains have been set up. I've even used it as an emergency backup for another server when that went down.

As for remote access, I use IMAP over SSL. Most new phones and PDAs support SSL encryption over IMAP and SMTP, plus I have the advantage of all my mail being handled from one location.

-- 
Jonathan Wright ~ mail at djnauk.co.uk
~ www.djnauk.co.uk
--
2.6.13-gentoo-r3-djnauk-b2 AMD Athlon(tm) XP 2100+
up 5:41, 2 users, load average: 1.22, 0.86, 0.83
--
"I can't help looking gay. I put on a dress and people say, "Who's the dyke in the dress?""
~ Karen Ripley
* Re: [gentoo-user] inhouse email
From: Digby Tarvin @ 2005-10-24 18:41 UTC
To: gentoo-user

On Mon, Oct 24, 2005 at 06:08:05PM +0100, Jonathan Wright wrote:
> That's fine for outgoing mail, but unless an MX record exists for the internal server on a domain/subdomain, it's difficult to 'direct' traffic from the outside in.
>
> The only other way I can think off is to test the server using either a telnet port or a script from an off-site computer onto the new server.

No, it is very easy. All I had was a static IP from my service provider and a router with port 25 forwarded to an internal mail server host.

To get the mail working all I had to do was create a domain name (using the free service at freedns.afraid.org) and point it at my static IP.

I think it is possible to set up an MX record explicitly, but I have never bothered because so far everything that has tried to send mail to it has worked fine defaulting to using the A record in the absence of an MX record.

This mailing list is being delivered to my host using the address gentoo_at_skaro.afraid.org, and dig gives me the following output for the domain:

    penemunde usb # dig skaro.afraid.org

    ; <<>> DiG 9.2.5 <<>> skaro.afraid.org
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34970
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 7, ADDITIONAL: 7

    ;; QUESTION SECTION:
    ;skaro.afraid.org.              IN      A

    ;; ANSWER SECTION:
    skaro.afraid.org.       60      IN      A       195.157.127.247

    ;; AUTHORITY SECTION:
    afraid.org.             86400   IN      NS      ns5.afraid.org.
    afraid.org.             86400   IN      NS      ns6.afraid.org.
    afraid.org.             86400   IN      NS      ns7.afraid.org.
    afraid.org.             86400   IN      NS      ns1.afraid.org.
    afraid.org.             86400   IN      NS      ns2.afraid.org.
    afraid.org.             86400   IN      NS      ns3.afraid.org.
    afraid.org.             86400   IN      NS      ns4.afraid.org.

    ;; ADDITIONAL SECTION:
    ns1.afraid.org.         1800    IN      A       70.84.177.198
    ns2.afraid.org.         1800    IN      A       204.11.167.30
    ns3.afraid.org.         1800    IN      A       69.28.135.46
    ns4.afraid.org.         1800    IN      A       70.86.10.35
    ns5.afraid.org.         1800    IN      A       70.86.10.32
    ns6.afraid.org.         1800    IN      A       70.86.10.33
    ns7.afraid.org.         3600    IN      A       70.86.10.34

    ;; Query time: 157 msec
    ;; SERVER: 203.27.41.5#53(203.27.41.5)
    ;; WHEN: Mon Oct 24 20:30:22 2005
    ;; MSG SIZE  rcvd: 288

Regards,
DigbyT

-- 
Digby R. S. Tarvin
digbyt@digbyt.com
http://www.digbyt.com
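Digby's observation above (mail arrives even though the name has only an A record) and the earlier back-and-forth about secondary MX hosts both come down to how a sending MTA picks a target: MX records tried in preference order, and the domain's own A record used as an implicit MX when there are no MX records at all (RFC 5321, section 5.1). The code below is an added example, written for this page and not posted by anyone in the thread. It takes an injected resolver and a constructed sample zone so it runs offline; the hostnames and addresses in `SAMPLE_ZONE` are made up, and a real client would replace `sample_resolver` with actual DNS queries.

```python
"""Delivery-target selection the way an SMTP client does it:
  - MX records sorted by preference, lowest first; equal preferences in random
    order so load is shared between them
  - no MX at all: fall back to the domain itself if it has an A record
    ("implicit MX", RFC 5321 section 5.1)
  - a single null MX ("0 .") means the domain accepts no mail
  - targets are then tried in order; if none accepts, the message stays queued
"""
import random


class NoMailForDomain(Exception):
    """The domain cannot receive mail: no MX and no A record, or a null MX."""


def delivery_targets(domain, resolver, rng=None):
    """resolver(name, rtype) -> list: for "MX" a list of (preference, host)
    tuples, for "A" a list of address strings; empty list when nothing exists.
    Returns the ordered list of hostnames a client should try."""
    rng = rng or random.Random()
    mx = resolver(domain, "MX")
    if not mx:
        if resolver(domain, "A"):
            return [domain]            # implicit MX: deliver to the A record host
        raise NoMailForDomain(f"{domain}: no MX and no A record")
    if len(mx) == 1 and mx[0][1].rstrip(".") == "":
        raise NoMailForDomain(f"{domain}: null MX, domain accepts no mail")
    by_pref = {}
    for pref, host in mx:
        by_pref.setdefault(pref, []).append(host.rstrip("."))
    ordered = []
    for pref in sorted(by_pref):       # lowest preference value = primary
        hosts = by_pref[pref][:]
        rng.shuffle(hosts)             # equal preference: random order
        ordered.extend(hosts)
    return ordered


def accepts_mail(domain, resolver):
    """True iff delivery_targets() can produce at least one target."""
    try:
        return bool(delivery_targets(domain, resolver))
    except NoMailForDomain:
        return False


def first_accepting(targets, connect):
    """Try hosts in order; connect(host) -> bool. Returns the host that took
    the session, or None, in which case the sender queues and retries later
    (typically for 3 to 5 days, as discussed in the thread)."""
    for host in targets:
        if connect(host):
            return host
    return None


# Constructed sample zone for the example (not real DNS data)
SAMPLE_ZONE = {
    ("example.org", "MX"): [(10, "mail.example.org."), (20, "mx2.backup-provider.example.")],
    ("example.org", "A"): ["203.0.113.5"],
    ("skaro.example", "MX"): [],                 # no MX record at all...
    ("skaro.example", "A"): ["192.0.2.7"],       # ...so the A record is the implicit MX
    ("nomail.example", "MX"): [(0, ".")],        # null MX: never send mail here
}


def sample_resolver(name, rtype):
    """Offline stand-in for a DNS lookup against SAMPLE_ZONE."""
    return SAMPLE_ZONE.get((name, rtype), [])


if __name__ == "__main__":
    for dom in ("example.org", "skaro.example", "nomail.example"):
        try:
            targets = delivery_targets(dom, sample_resolver)
            # Simulate the primary being down: only the backup MX answers
            took = first_accepting(targets, lambda h: h.startswith("mx2"))
            print(dom, "->", targets, "accepted by", took)
        except NoMailForDomain as e:
            print(dom, "->", e)
```

The order matters for the backscatter point made earlier in the thread: whichever host in that list accepts the message becomes responsible for it, so a backup MX that cannot verify recipients is exactly the host that ends up generating bounces to forged senders.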
* Re: [gentoo-user] inhouse email
From: Thomas T. Veldhouse @ 2005-10-24 16:18 UTC
To: gentoo-user

Mark wrote:
> Can anyone who has done it comment on the downside (if any) of bringing email in-house, as opposed to continuing to pay a hosting provider? My plan is to have a separate server, sitting by itself in the DMZ, so the internal LAN should remain relatively safe. The DSL provider we use will host the DNS records (MX). We have a top-notch firewall already in place, but this is the first step we've taken toward making anything available inbound, so I'm cautiously optimistic.

You might want to find a provider to be your secondary MX so that email will get queued and forwarded upon failure of your DSL or your server.

Tom Veldhouse