Email Server Solution

[Jason Huddleston]

Steve Buehler wrote:

> I had to resend this because the list software didn't like the 
> Subject. Anyway, here is the email.
> We are running multiple RedHat boxes. Anywhere from 7.3 to RHEL ES 4. 
> Each server has between 1 and 300 sites on them. I am trying to find 
> out a solution to a problem that we are having with AOL and RBL's. We 
> have come to the conclusion that we will need another server just for 
> email. That defeats the purpose of our Ensim Control panel that we use 
> since it isn't set up to allow for multiple servers to separate out 
> the email.
> To get blocked, all it seems to take is one client that has a virus on 
> his computer sending out through his email account and our whole 
> server gets blocked because all sites email always goes out from the 
> main servers IP address, not the IP address of there domain/account. 
> It would be nice if email would appear to come from the IP of the 
> domain and not the IP of the server itself. That way we could at least 
> narrow down which domain is causing the problems.
> All of our servers that we have are dual processor XEON's with 2 gig 
> of memory and SATA or SCSI drives, usually in RAID configurations. If 
> we try running SpamAssassin and a Virus Scanner on the servers for the 
> email, it slows the servers down to a crawl at times. I know there are 
> providers that aren't having this kind of problems. We would like to 
> have ONE control panel where the customer can administer there sites 
> including email. That will mean that we will have to get rid of the 
> Ensim Control panel because it will not allow for administering sites 
> and email if the they are on different servers. Only two of our 
> servers uses the Ensim Control panel for clients. The other servers 
> don't have control panels but we still can't run SpamAssassin and/or a 
> Virus Scanner on them for the email because it just slows the he** out 
> of them.
> We don't allow spammers on our systems and greatly hinder the ability 
> to have mailing lists. We allow them, but we check out to make sure 
> they are double opt in and we know most of our clients personally. The 
> latest block from AOL is from a server that doesn't even send out 
> email because the program for the store that is on there is not 
> completely written yet and the email part is not even started yet. 
> Apparently from what we can gather is that a spammer is using the ONLY 
> domain name that is on it as a return address. I have even shut off 
> email programs on it completely just to make sure. It has not been 
> hacked that we can see and all of our servers can only be SSH'd into 
> from 2 IP addresses. Telnet is turned off. I don't allow any client to 
> ever SSH into their accounts. I won't even give the bosses and owners 
> the root password or access to them for SSH. All IP's but 2 are 
> blocked at the main firewall and the firewall that is on each system. 
> It is not impossible that one of our servers where hacked, but it is 
> very very unlikely especially for the one that has the incomplete 
> store software on it and no other sites. I do realize that being 
> blocked because of a spammer that is using one of our domains for a 
> return address is something that we can't do anything about.
> Any help and suggestions would be greatly appreciated.
>
> Thank You and Vote for the Death Penalty at your next election for 
> anyone who is caught Spamming.
> Steve
>
It sounds like most of your problems with AOL blocking you because of 
spammers or viruses could be stopped by setting up a spf (TXT) dns 
record for your domain or the domains that you are in charge of. AOL 
pays attention to these and will drop any mail that comes from an IP 
that you do not put in the record.

-- 
Jason Huddleston, RHCE, CCSA
Assistant Coordinator Internet Services and Security
Ozarks Technical Community College
huddlesj at otc.edu
417-447-7532