Hi, we would like to achive this setup for the domain "example.com": MX 10 - ISPConfig managed Email server with greylisting and spamfilter active hosts the mailboxes for "example.com" MX 20- ISPConfig managed Email server with "Email Routing / transport" for "example.com" targeting the MX 10 [server] and having a list of "Relay Recipients" Doing it this way leads to spam and backscatter on the MX 20 email server because it accepts any email from anyone as long as the email address is listed under "Relay Recipients". And as soon as any MTA gets a temporary failure from MX 10 (greylisting) ist moves on to MX 20. Some spam sending email server using the secondary MX server by default because they are often have a weaker anti-spam configuration. Is there a way to activate greylisting and antispam for ISPConfig managed secondary MX server? kind regards cmks
Greylisting and antispam is available by default on any node that runs ISPConfig, you can configure the policy that is used for users in relay recipient list under Spamfilter > User/Domain. Backscatter does not happen when you add the email addresses and not just the domains in the relay recipients list, filtering and geylisting is done on the mx nodes then which mnakes sense anyway as you reduce the load on the target system. Normally one would not use such an MX setup when you run large ISPConfig mail systems, with ISPConfig you would use a cluster setup with a shared storage for /var/vmail. I know a setup that consists of 6 Mail nodes as ispconfig cluster with about 16 thousand mail accounts at the moment. This avoids all the problems you described, you don't even need transports or relay recipients in that case.
Maybe I missunderstand something, let me be more detailed: ================================================= szenarion 1: server1: - ISPConfig manged - installed as mailserver server2: - ISPconfig manged - installed as mailserver example.com MX 10 server1 example.com MX 20 server1 ------------------------------------------------ ISPConfig: config server1: mail domain example.com -> server1 [email protected] @ server1 with spamgilter / greylisting config server2: email routing transport for "example.com" -> [server1] relay recipient [email protected] for server2 ------------------------------------------------ I cannot tell ISPConfig to do greylisting for server2 nor to do spamfiltering.
You can enable spam filtering, see Spamfilter > User/Domain in the ISPConfig mail module. And when you use Rspamd instead of Aamavis, then Greylisting is part of Rspamd and therefore controlled trough the spamfilter settings as well. But as mentioned in my first email, one would use a different setup normally when both servers are ispconfig systems, see ispconfig cluster installation tutorial. A clusters etup has the benefit that all nodes can also act as imap and pop3 server for all accounts.
I understand the pros of a cluster installation and it will be one of the next enhancements in our data centre. Szenario 2: MX 10 is a email server of the customer with greylisting (often a sophos firewall) MX 20 is a ISPConfig managed email server configured to be a backup with "email routing transport" for "customer.com" -> [customer mailserver] and a "relay recipient list" containing all valid email addresses of the customer email server. As I understand, the only way to get greylisting activated in such szenario ist to use Rspamd? Is Rspamd fully configured by ISPConfig? Spamfilter > User/Domain will also be in place for relay recipients? Is "Spamfilter > User/Domain" only respected on mailserver where Rspamd ist installed or also when amavis is installed?
No, you can also configure postgrey globally by customising the postfix main.cf config. yes. yes, see my posts above. It is for amavis and rspamd.
Thank you so far! When ISPConfig changes the postfix main.cf, it will patch it only? So changes I did, will be preserved?
Search the forum for conf-custom, you will find a lot of threads that describe how to preserve a custom configuration.
