External Filtering Service Requirement

Eddev · February 26, 2017, 4:27pm

I have my MIAB set up and running really well on box.example.com and have multiple other domains added to the MIAB server. I have the A records for the main domains pointing to external servers with no problems. DNSSEC is set up and running perfectly. All in all a really good set up.

So why would I want to change anything?

I have a special requirement for an external mail filtering service for some of my domains. It’s not that I want to…especially since my setup is working so well. The filtering service requires:

To stop direct delivery of emails to your mail server, we recommend that you alter and configure your Firewall or mail servers to accept SMTP connections on port 25 us with the range listed

(IP’s listed are not actually one’s used just examples and the Mailscrub domain is ficticious)
Subnet IP - 21.100.65.0
Subnet Mask -255.255.255.0
Net Mask -24
IP Range -21.100.65.0 - 21.100.65.255

Subnet IP - 52.100.65.0
Subnet Mask -255.255.255.255
Net Mask -32
IP Range -52.100.65.0

Then change the DNS MX records for the domains you added to our system to
Priority 10: mx71.mailscrub.dev
Priority 20: mx72.mailscrub.dev
Priority 30: mx73.mailscrub.dev

If you intend to send outbound through our service you must construct an SPF/TXT record
SPF/TXT record format
If you currently have a TXT record in place, you should alter it, by adding an additional statement is: ‘include:’ statement. Mailscrub include ‘include:spf.mailscrub.dev’

Is all this possible without breaking MIAB? or am I just wishful thinking and should look at other alternatives. I have experimented with multiple other server setups (10+) for an alternative mail system but none work as good as MIAB regards ease of setup, security, DKIM, SPF, DNSSEC, Backups etc.

MIAB is an amazing piece of kit. Any assistance appreciated on this one.

tkorves · March 2, 2017, 9:58am

Hi there,

as only inbound mail is sent through this service, I can say that it’s possible to do this - we’re doing the same with our own mailproxy in front of our MIAB installation. MX records for all domains which need filtering has been changed to the mailproxy server and this one forwards mail to MIAB. All is just running fine.

All the best, Tim

Eddev · March 2, 2017, 11:32am

Thanks Tim,

So by just changing the MX records on a per domain basis to the outsourced antispam service I still can get full functionality on MIAB without breaking anything? The anti spam service provides inbound and outbound filtering so am I still covered with outbound as well without having to adjust any SPF, DKIM, DMARC on the MIAB Box?

Eddev

tkorves · March 3, 2017, 6:10am

Hi Eddev,

do you require your antispam service to send messages on your behalf? What we’re doing is, filtering incoming mails but not sending outgoing mails through the mailproxy. So nothing needs to be changed - what could be a good idea is to add the IP address(es) of your antispam service to your SPF record.

All the best, Tim

system · March 10, 2017, 6:10am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.