Proper setup for customer email relay

Discussion in 'ISPConfig 3 Priority Support' started by wwweiss, Aug 3, 2023.

  1. wwweiss

    wwweiss Member HowtoForge Supporter

    I am trying to set up a typical mail relay, but I am not quite sure about the right configuration.
    This is my scenario:
    • customer with domain mycustomer.de has an internal mailserver behind a dsl-connection with fixed IP.
    • mx record for domain mycustomer.de points to my ispconfig-mailsystem mail.mysystem.de
    • all incoming mails for mycustomer.de should be filtered (Spam, Virus) and then relayed to the customer mailserver
    • the customer connection accepts smtp from my ispconfig-mailsystem
    • all outgoing mails from the customer should be relayed through my ispconfig-mailsystem
    My setup is:
    • Email -> Relay Domains: added mycustomer.de
    • Email -> Email Routing: added a route for domain mycustomer.de to mail.mycustomer.de (dns points to the customers IP), no mx lookup
    Do I need to add something under Email -> Relay Recipients?

    How do I set up an account for the customer so he can use my mailserver as outgoing relay server?
    I could create an account within one of my own domains, i.e. [email protected], and give the customer these credentials for SMTP-Auth. Is this the correct solution? Will the system add any headers showing this special mail account? Bounces or any other problems should not go to this account; instead they should be routed back to the customer.

    I have this constellation for several customers so I just want to be sure to have the best configuration.

    Additional question: is it possible to add DKIM to a domain in this setup?
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    The way you set up relaying, it's for outgoing messages. Wouldn't it make more sense to point the MX record to their home server, and let that server use an SMTP server of yours as relay?
     
  3. wwweiss

    wwweiss Member HowtoForge Supporter

    The reason for this setup is availability and security. The customer has a typical DSL connection with just a fixed IP. If my server is set in the MX record, the customer can accept SMTP only from my IP (better security for the customer). Also my mailsystem should do the job of spam and virus filtering. I have seen this kind of configuration very often.
    Well, the customer could also have mail accounts on my server and pull these accounts to his local mailserver, but then he has to define the mailboxes twice. Would you recommend this?
    In the past I had a mailcow system which had support for such a configuration out of the box, and at the moment I am still using Proxmox Mail Gateway for some domains where this configuration is also no problem.
    Right now my plan is to have all my customer mails on ISPConfig.
    Do you see any drawbacks with this E-Mail-Routing?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Using ISPConfig as a relay should be fine; I know setups where ISPConfig is used in front of Exchange to protect the Exchange server from attacks. You should set up Email routing, relay domains and relay recipients for that. Creating the relay recipients is important to prevent backscatter issues. Backscatter would happen if the ISPConfig server would forward the email for [email protected] to the final server while the final server will reject it. If ISPConfig knows which email addresses exist on the target server by creating them as mail recipients, then ISPConfig is able to reject invalid incoming emails right away.
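
The three settings named in the post above (relay domain, route, relay recipients), shown as a plain Postfix configuration with the backscatter-prone setting beside the corrected one. This is an added example, not part of the thread and not the configuration ISPConfig generates; the file paths and the two recipient addresses are assumptions made for illustration.

```conf
# ---- /etc/postfix/main.cf (path and hash: map type are assumptions) ----

# Domains this server accepts mail for and then forwards elsewhere.
relay_domains = mycustomer.de

# Lookup table that says where mail for those domains is delivered.
transport_maps = hash:/etc/postfix/transport

# Weak: with this parameter empty, Postfix accepts mail for ANY address
# in relay_domains. If the final server later rejects the recipient,
# the relay has to send a bounce to the (often forged) envelope sender,
# which is the backscatter described above.
#relay_recipient_maps =

# Corrected: only addresses listed in the table are accepted. Anything
# else is refused during the SMTP dialogue with a 550 reply, so the
# sending server keeps responsibility and no bounce is generated here.
relay_recipient_maps = hash:/etc/postfix/relay_recipients

# ---- /etc/postfix/transport ----
# The square brackets suppress the MX lookup and deliver straight to
# the named host (the "no mx lookup" route from the first post).
mycustomer.de    smtp:[mail.mycustomer.de]:25

# ---- /etc/postfix/relay_recipients (constructed sample addresses) ----
# Only the left-hand key is checked; the right-hand value is ignored.
info@mycustomer.de     OK
sales@mycustomer.de    OK

# After editing the two map files, rebuild the indexes and reload:
#   postmap /etc/postfix/transport
#   postmap /etc/postfix/relay_recipients
#   postfix reload
```

The recipient table has to be kept in step with the mailboxes on the customer's server, since an address missing from it is refused at the relay.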
     
  5. wwweiss

    wwweiss Member HowtoForge Supporter

    Thanks for this info. Now it is clear why there is a setting for "relay recipients". I have already noticed that, without adding anything to recipients, no mail is accepted. Proxmox Mail Gateway has a function "check recipients" which checks against the final server if the user exists, but this is not always reliable. So manually adding to a list is possibly the better solution.
    We can still get backscatter if the customer decides to reject some mails for spam-policy reasons. Do you know of a way such backscatter problems can be avoided? Maybe already implemented as part of ISPConfig?
    Something like "delete all mails that are rejected by the receiving mailserver" (of course only 5xx).
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    The safest option is probably when the final system is configured to accept the emails and ISPConfig is doing the spam filtering. You must add a record under spamfilter user/domain in ISPConfig for the domain you relay traffic to.
     
  7. wwweiss

    wwweiss Member HowtoForge Supporter

    Thanks for this important hint! I wasn't aware of that, but of course it makes sense :)
     
