Adventures with iRedMail – Part II

In the first installment of Adventures with iRedMail I got it to send emails but I left the MS Exchange integration for another day. Since then I have updated my DNS zone with the DKIM information, set up local DNS information, decided on naming standards, and reconfigured Postfix several times before I got it right.

Updating the DNS with DKIM information

This task was relatively easy. I copied the DKIM information in the iRedMail.tips into a trouble ticket with my web provider. About 24 hours later it was ready to test. I sent emails to my Yahoo account, sa-test@sendmail.net, and autorespond+dkim@dk.elandsys.com. Although the email from dk.elandsys.com was the first to respond, it said it did not work. When I checked my Yahoo account the headers said the email was signed correctly with DKIM. Ironically the return email from sendmail.net ended up in my Junk Mail folder. It said that everything worked correctly. For one more test I created a Gmail account and sent an email to it, too. It said the email was signed correctly.

Local DNS, naming standards, and more Postfix problems

The next challenge was to configure Postfix to accept both local email addresses and email addresses for the Exchange server under the same domain. I used PostfixAdmin to create aliases that pointed to the Exchange server emails (e.g., myemail@mybusiness.com points to myemail@mybusiness.local). Postfix complained about the DNS records for my Exchange server so I added mybusiness.local as a relay_domain and set up a pseudo DNS so that Postfix can find the IP address for my Exchange server. In my case I decided to let my pfSense firewall act as a local DNS server to serve up the local IP addresses. At this point I can email to everyone from a local iRedMail account but I cannot get replies until I set up iRedMail as the SMTP gateway and the Exchange server as a relay domain.

Postfix domain checks get me again!

It took me a long time to figure this out. When I changed the firewall to redirect SMTP traffic to the Postfix gateway I could not get any mail. I thought I had messed up the firewall settings so I kept trying different settings. I was pretty limited with my testing tools. If I could Telnet into port 25 I could see what is happening but I could not make the connection work as long as I was located on this side of the firewall. Fortunately I found a solution on the Internet. The dnsqueries.com site provides a page, http://www.dnsqueries.com/en/smtp_test_check.php, that allows me to check my local SMTP connection using their server. Within minutes I figured out that my email server did not like my sender’s domain. In fact it did not like anyone’s domain. This was the same type of problem I had with the Postfix recipient domain check, so I removed the sender domain check and the emails started flowing.

What have I achieved?

  • I have a gateway that checks all incoming mail for spam and viruses. Postini offers a similar service for about $1 per user per month. We use MXLogic at work.
  • I have an alternate email server that allows me to send email that passes the SPF and DKIM checks. One of the reasons I investigated iRedMail was to use it for sending out a newsletter at work. Like many Internet retailers we get a chunk of our business as a result of our biweekly newsletter. In our case DKIM is another piece of the puzzle to improve our sender reputation. Since both Yahoo and Gmail require DKIM signing in order to set up feedback loops, DKIM is probably essential if you have ambitions of having a pristine email list. For those folks looking at ways to cut the umbilical cord to Microsoft this is one of several low cost, low maintenance migration alternatives to a local Exchange server.

Adventures with iRedMail

I read this article on HowtoForge and decided to give it a try. I was not as successful as the author.

iRedMail: Full-Featured Mail Server With LDAP, Postfix, RoundCube, Dovecot, ClamAV, DKIM, SPF On CentOS 5.x Debian (Lenny) 5.0.1

iRedMail is a shell script that lets you quickly deploy a full-featured mail solution in less than 2 minutes on CentOS 5.x and Debian (Lenny) 5.0.1 (it supports both i386 and x86_64).

iRedMail: Build A Full-Featured Mail Server With LDAP, Postfix, RoundCube, Dovecot, ClamAV,SpamAssassin, DKIM, SPF On CentOS 5.x | HowtoForge – Linux Howtos and Tutorials

My first try was to use the script to update a CentOS 5.3 workstation installation. It went smoothly until I tried to look at the keys used by DKIM. I ran into trouble with the LDAP option. OpenLDAP would not install due to a missing file. So I took the MySQL option. That was when I found a series of problems. Most of the problems were minor. My initial mail userid used Chinese. Since I was particularly interested in DKIM I was disappointed to find out that Amavisd was running at a version that did not support DKIM. I quickly realized that this was taking too much time and a better solution was to install a virtual machine using the iRedOS. This is a CentOS 5 installation with all of the prerequisites already installed.

Creating a virtual machine mail server went pretty smoothly. The only problem I found with the installation was that I was unable to send mail. I quickly realized that I needed to install Webmin so I could perform normal system maintenance and troubleshoot. After I installed Webmin I found my problem. Postfix thought Yahoo was an unknown domain. Although I am not familiar with the intricacies of Postfix I found that if I removed the configuration parameter “reject_unknown_recipient_domain” I could send emails successfully. This is not a fix but it will work for me until I figure out the problem between the DNS and Postfix.
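The recipient-domain rejection described above and the sender-domain rejection in Part II both show up in the Postfix log as "Domain not found". The following is an added example, not code from this blog or from iRedMail: it groups those rejections by domain and flags the case where well-known domains are being rejected, which points at the resolver Postfix uses and not at the senders. The log lines are constructed, and the `KNOWN_GOOD` list and the three-domain threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed smtpd log lines in Postfix's format (not taken from the page).
SAMPLE_LOG = """\
Jun  1 10:00:01 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.1.8 <alice@yahoo.com>: Sender address rejected: Domain not found; from=<alice@yahoo.com> to=<myemail@mybusiness.com> proto=ESMTP helo=<mta1.example.net>
Jun  1 10:02:13 mail postfix/smtpd[2104]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 450 4.1.8 <bob@gmail.com>: Sender address rejected: Domain not found; from=<bob@gmail.com> to=<myemail@mybusiness.com> proto=ESMTP helo=<mta2.example.net>
Jun  1 10:05:40 mail postfix/smtpd[2107]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.1.2 <carol@yahoo.com>: Recipient address rejected: Domain not found; from=<myemail@mybusiness.com> to=<carol@yahoo.com> proto=ESMTP helo=<localhost>
"""

# Assumption: domains that certainly exist, so a "Domain not found" for
# them means the lookup failed on this host, not that the domain is bogus.
KNOWN_GOOD = frozenset({"yahoo.com", "gmail.com"})

REJECT_RE = re.compile(
    r"reject: RCPT from \S+: (?P<code>\d{3}) \S+ <(?P<addr>[^>]*)>: "
    r"(?P<kind>Sender|Recipient) address rejected: Domain not found")
# qmgr logs one "from=<...>" line for every message accepted into the queue.
ACCEPT_RE = re.compile(r"postfix/qmgr\[\d+\]: \w+: from=<[^>@]*@(?P<dom>[^>]+)>")


def triage(log_text, known_good=KNOWN_GOOD):
    """Group unknown-domain rejections and decide whether DNS is the suspect."""
    rejected = defaultdict(set)   # "sender"/"recipient" -> rejected domains
    accepted = set()              # sender domains that did get queued
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            domain = m["addr"].rpartition("@")[2].lower()
            rejected[m["kind"].lower()].add(domain)
            continue
        m = ACCEPT_RE.search(line)
        if m:
            accepted.add(m["dom"].lower())
    every = rejected["sender"] | rejected["recipient"]
    # Resolver is suspect if a known-good domain was "not found", or if
    # several distinct domains were rejected and nothing at all was accepted.
    suspect = bool(every & known_good) or (len(every) >= 3 and not accepted)
    return {"sender": sorted(rejected["sender"]),
            "recipient": sorted(rejected["recipient"]),
            "accepted": sorted(accepted),
            "resolver_suspect": suspect}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

When `resolver_suspect` is true, the DNS path of the Postfix host is the thing to check; the `reject_unknown_*_domain` restrictions are reporting the failure, not causing it.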

My next trick is to set up the mail server as a mail relay to my Exchange server. Technically this could be a first step in migrating off of Exchange to a non-Microsoft cloud computing environment. There are a lot of good things to be said about Exchange but there are even more good things to say about cloud-based email. Making the transition to a low cost, highly dependable, feature rich email environment with the least amount of pain is the challenge for both the Microsoft and open source communities.

Getting McAfee to work behind an ISA 2004 Firewall

It has been a long time since I actively worked with Microsoft’s ISA Firewall so it took me some time to fix this problem. Buy.com periodically offers a 3 computer version of McAfee at a very cheap price. Since I am somewhat ambivalent about the merits of one virus checking software over another, I bought a copy to replace a TrendMicro version up for renewal. The installation did not flag any errors or warnings so it took about a week before I noticed that the patterns had not updated. Yesterday I decided to fix the problem and write down for posterity how I accomplished it.

Unlike many firewalls Microsoft’s firewall typically restricts anonymous access. This typically is not a problem for most applications that run on Windows computers since the users are logged into the Active Domain. Occasionally there are applications that fail to connect to the internet despite the user being logged into the domain. Most of the time you need to open some non-standard ports to fix the problem. In this case McAfee is using standard HTTP and HTTPS ports and still failing to connect.

The solution is to create an anonymous access rule to the McAfee update site and to configure the client to not use the ISA Firewall client for these sites. One way to accomplish this is to configure Internet Explorer (Tools-Internet Options-Connections-LAN settings-Advanced) to not use the proxy. This is the way I got McAfee to update. Another way is to configure the properties for the internal network in ISA to use direct access for these sites. You can configure a GPO, too.

Welcome to Windows 7

Last weekend I took the plunge and installed Windows 7 RC. The hardest part was freeing up some disk space and partitioning the hard drive. After a few defrag runs I was ready to partition. Dual booting is the way to go. There are no special tricks. Just let Windows 7 install in the unpartitioned space. The installation was pretty uneventful. My laptop is about three years old, it has 2 GB of RAM, and it passed the Windows 7 compatibility check. The installation found drivers for everything although it had to get the Ricoh drivers off of the Internet.

The part I was most interested in was what I would install first. The first four programs were the virus checking software, FeedDemon, Windows Live Writer, and Flash. I chose a trial version of AVG available at http://free.avg.com/download-avg-anti-virus-free-edition. I like AVG but it triggers a PC issue message in Windows 7. I guess AVG and Windows have a few things to work out. It did not take too long after running FeedDemon that I ran into a web page requiring Flash. When I decided to write a post about my Windows 7 experience I installed Windows Live Writer. To set up Windows Live Writer I needed KeePass since that is where I store my passwords.

To transfer files from Windows XP into Windows 7 I am using two methods. With the first method I created a shared folder at the root of the Windows 7 drive and copied files into the folder using XP. I could not browse the XP version of the “My Documents” folder using Windows 7 and was not into the “take ownership” thing. The second method uses Dropbox.

So far my experience has been very positive. The interface is nice and the computer seems as fast as it was under XP. I think Microsoft has a winner if they price it right. The interface of Linux and the Mac are nice, too!