Questions about Mercury

Rolf Lindby

posted Apr 17 '09 at 3:39 pm

[quote user="flim"]

The IronPort MTA will receive messages from internal Domino server, by

default the messages are send to internet gateway (192.168.1.1), but

for some domain it will sned to VPN gateway (192.168.1.2). Is Mercury support custom domain list to route message to VPN gateway?

[/quote]

[quote user="flim"]

As there are many different domain (branches of company), like "abc.com", "def.com", if the receipent domain match those domain, the MTA will route the e-mail to a central VPN MTA, and the VPN MTA will route the email to target domain.

[/quote]

I'm still not sure I understand your setup. The Domino server sends all outgoing mails to a MTA (Mercury). This MTA will then deliver all external mail normally, but should deliver messages for a number of special domains via VPN connections instead of according to the public MX records for those domains. Is there then another "central VPN MTA" that receives the messages and relays them to the destination MTA for each domain, using VPN connections??

/Rolf

[quote user="flim"] The IronPort MTA will receive messages from internal Domino server, by default the messages are send to internet gateway (192.168.1.1), but for some domain it will sned to VPN gateway (192.168.1.2).&nbsp; Is Mercury&nbsp;support&nbsp;custom domain list to route message to VPN gateway?&nbsp;[/quote][quote user="flim"]As there are many different domain (branches of company), like "abc.com", "def.com", if the receipent domain match those domain, the MTA will route the e-mail to a central VPN MTA, and the VPN MTA will route the email to target domain. [/quote]I'm still not sure I understand your setup. The Domino server sends all outgoing mails to a MTA (Mercury). This MTA will then deliver all external mail normally, but should deliver messages for a number of special domains via VPN connections instead of according to the public MX records for those domains. Is there then another "central VPN MTA" that receives the messages and relays them to the destination MTA for each domain, using VPN connections??/Rolf&nbsp;

flim

posted Apr 16 '09 at 7:22 am

Hi, I would like to know more about Mercury before test it.

I plan to replace IronPort with another MTA, IronPort offer SMTP Routes and custom message filters:

1. SMTP Routes

The IronPort MTA will receive messages from internal Domino server, by default the messages are send to internet gateway (192.168.1.1), but for some domain it will sned to VPN gateway (192.168.1.2). Is Mercury support custom domain list to route message to VPN gateway?

2. Message filter

The IronPort MTA can check the message header, the rule is the sender must Cc to a predefine receipent if the email has attachement, otherwise the message will reject back to sender. The filtering policy is like this:

Bruce_Lam: if(mail-from=="(?!)Bruce_Lam@ab.com") AND ((header("Cc")!="(?!)Peter_Wong@ab.com") AND (attachement-size > 0))

{

notify("$EnvelopFrom", "E-mail rejected: Please Cc to your supervisor");

drop();

}

If Mercury support those features I am interest to license it.

Thanks!

Hi, I would like to know more about Mercury before test it. I plan to replace IronPort with another MTA, IronPort offer SMTP Routes and custom message filters: 1. SMTP Routes The IronPort MTA will receive messages from internal Domino server, by default the messages are send to internet gateway (192.168.1.1), but for some domain it will sned to VPN gateway (192.168.1.2).&nbsp;Is Mercury&nbsp;support&nbsp;custom domain list to route message to VPN gateway? 2. Message filter The IronPort MTA can check the message header, the rule is the sender must Cc to a predefine receipent if the email has attachement, otherwise the message will reject back to sender. The filtering policy is like this: Bruce_Lam: if(mail-from=="(?!)Bruce_Lam@ab.com") AND ((header("Cc")!="(?!)Peter_Wong@ab.com") AND (attachement-size &gt; 0)) { &nbsp;&nbsp; &nbsp;notify("$EnvelopFrom", "E-mail rejected: Please Cc to your supervisor"); &nbsp;&nbsp;&nbsp; drop(); } &nbsp; If Mercury support those features I am interest to license it. &nbsp; Thanks! &nbsp; &nbsp; &nbsp;

dilberts_left_nut

posted Apr 16 '09 at 7:28 am

[quote user="flim"]

1. SMTP Routes

The IronPort MTA will receive messages from internal Domino server, by default the messages are send to internet gateway (192.168.1.1), but for some domain it will sned to VPN gateway (192.168.1.2). Is Mercury support custom domain list to route message to VPN gateway?[/quote]

No, but...

You may be able to work around this with a DNS hack or the "mxredir" daemon.

[quote]

2. Message filter

The IronPort MTA can check the message header, the rule is the sender must Cc to a predefine receipent if the email has attachement, otherwise the message will reject back to sender. The filtering policy is like this:

Bruce_Lam: if(mail-from=="(?!)Bruce_Lam@ab.com") AND ((header("Cc")!="(?!)Peter_Wong@ab.com") AND (attachement-size > 0))

{

notify("$EnvelopFrom", "E-mail rejected: Please Cc to your supervisor");

drop();

}

[/quote]

This can also be achieved fairly easily with Mercury filters.

[quote user="flim"]1. SMTP Routes The IronPort MTA will receive messages from internal Domino server, by default the messages are send to internet gateway (192.168.1.1), but for some domain it will sned to VPN gateway (192.168.1.2).&nbsp;Is Mercury&nbsp;support&nbsp;custom domain list to route message to VPN gateway?[/quote]No, but...You may be able to work around this with a DNS hack or the "mxredir" daemon.[quote] 2. Message filter The IronPort MTA can check the message header, the rule is the sender must Cc to a predefine receipent if the email has attachement, otherwise the message will reject back to sender. The filtering policy is like this: Bruce_Lam: if(mail-from=="(?!)Bruce_Lam@ab.com") AND ((header("Cc")!="(?!)Peter_Wong@ab.com") AND (attachement-size &gt; 0)) { &nbsp;&nbsp; &nbsp;notify("$EnvelopFrom", "E-mail rejected: Please Cc to your supervisor"); &nbsp;&nbsp;&nbsp; drop(); }[/quote]This can also be achieved fairly easily with Mercury filters.

flim

posted Apr 16 '09 at 8:16 am

Would you give more detail about "mxredir" daemon? As SMTP routes is the primary requirement of MTA here.

Thanks!

Would you give more detail about "mxredir" daemon? As SMTP routes is the primary requirement of MTA here. &nbsp;Thanks!

dilberts_left_nut

posted Apr 16 '09 at 8:47 am

http://community.pmail.com/search/SearchResults.aspx?q=mxredir

I suspect that what you really want is just that certain domains MX records will resolve to an IP address in the VPN range rather than the public range. (This is quite different to "sending it to the VPN gateway" and really has nothing to do with the mail server). The actual routing should be taken care of by the OS.

This is very easy if you have your own DNS server, or you could set one up (there are quite a few small footprint caching type DNS server apps) on the Mercury machine with the required custom A records for the relavent MX entries, and only point MercuryE at it.

<a href="/search/SearchResults.aspx?q=mxredir" title="http://community.pmail.com/search/SearchResults.aspx?q=mxredir" mce_href="/search/SearchResults.aspx?q=mxredir">http://community.pmail.com/search/SearchResults.aspx?q=mxredir</a>&nbsp;I suspect that what you really want is just that certain domains MX records will resolve to an IP address in the VPN range rather than the public range. (This is quite different to "sending it to the VPN gateway" and really has nothing to do with the mail server). The actual routing should be taken care of by the OS. This is very easy if you have your own DNS server, or you could set one up (there are quite a few small footprint caching type DNS server apps) on the Mercury machine with the required custom A records for the relavent MX entries, and only point MercuryE at it.

flim

posted Apr 16 '09 at 9:32 am

What I need is if the receipent is on certain domain (".abc.com") the MTA will send to another mail server on VPN. By default the MTA just send to internet directly.

What I need is&nbsp;if the receipent is on certain domain (".abc.com") the MTA will send to another mail server&nbsp;on VPN. By default the MTA just send to internet directly. &nbsp;

dilberts_left_nut

posted Apr 16 '09 at 11:36 am

You just need to set MercuryE to use a DNS server that will resolve the listed MX for abc.com to the VPN ip address.

Rolf Lindby

posted Apr 16 '09 at 4:15 pm

You may want to have a look at this thread:

Domain forwarding

/Rolf

You may want to have a look at this thread:<a href="/forums/thread/14135.aspx" mce_href="/forums/thread/14135.aspx">Domain forwarding</a> /Rolf&nbsp;

Thomas R. Stephenson

posted Apr 16 '09 at 6:17 pm

Would you give more detail about "mxredir" daemon? As SMTP routes is the primary requirement of MTA here.

The MXREDIR is broken and does not work as specified.

<blockquote>Would you give more detail about "mxredir" daemon? As SMTP routes is the primary requirement of MTA here.</blockquote>The MXREDIR is broken and does not work as specified. &nbsp;

flim

posted Apr 17 '09 at 4:28 am

I'd like to clarify about the domain rewrite.

As there are many different domain (branches of company), like "abc.com", "def.com", if the receipent domain match those domain, the MTA will route the e-mail to a central VPN MTA, and the VPN MTA will route the email to target domain.

So I don't know the IP of "abc.com", "def.com". Is the rewrite fit in this case?

I'd like to clarify about the domain rewrite.As there are many different domain (branches of company), like "abc.com", "def.com", if the receipent domain match those domain, the MTA will route the e-mail to a central VPN MTA, and the VPN MTA will route the email to target domain. So I don't know the IP of "abc.com", "def.com". Is the rewrite fit in this case?

Thomas R. Stephenson

posted Apr 17 '09 at 6:43 am

[quote user="flim"]
I'd like to clarify about the domain rewrite.
As there are many different domain (branches of company), like "abc.com", "def.com", if the recipient domain match those domain, the MTA will route the e-mail to a central VPN MTA, and the VPN MTA will route the email to target domain.
So I don't know the IP of "abc.com", "def.com". Is the rewrite fit in this case?

Ok, lets see if I can explain how I do this for multiple domains via a gateway server. Here are the domains I host on my gateway server. All of the domains are registered to the same IP address (209.128.94.2) of my router and port forwarded to my system running Mercury/32 (192.168.1.2). All SMTP mail from the outside world comes in via the gateway server.

[Domains]
stephens: stephens
stephens: [209.128.94.2]
stephens: mail.tstephenson.com
stephens: tstephenson.com
stephens: [192.168.1.2]
dm=merwin: merwin-tstephenson.com (Windows system using mn-win.dll)
dm=ubunto: linux-tstephenson.com (Ubuntu v8.10 & Wine)
stephens: dyndns-tstephenson.dyndns.org
dm=merwin: merwin.dyndns.org
daemon:c:\mercury\mercfwd.dll;[192.168.1.3]: novell-tstephenson.com (Netware v3.2 Mercury.NLM)
daemon:c:\mercury\mercfwd.dll;[192.168.1.153]: xampp.from-ca.com (Windows laptop with XAMPP install)

The domains with stephens: are handled on the local server. The domains with dm= are domain mailboxes and are forwarded off to another server using the program WSMTPEx; the domains with daemon: are forwarded off to the other host by the daemon to Mercury residing on the specified IP address. Each of the other systems is a separate Mercury host running on the LAN but they could be located anywhere since the messages are being send via SMTP.

The forwarding to the other server is always by IP address since the DNS points the domain to this server.

FWIW, the simple domain rewrite and the daemon require you to be using MercuryE End-to-End server for sending; the program WSMTPEx is a SMTP client so it sends the mail by itself directly to the other host not using Mercury at all.

[/quote]

<blockquote>[quote user="flim"]I'd like to clarify about the domain rewrite.As there are many different domain (branches of company), like "abc.com", "def.com", if the recipient domain match those domain, the MTA will route the e-mail to a central VPN MTA, and the VPN MTA will route the email to target domain. So I don't know the IP of "abc.com", "def.com". Is the rewrite fit in this case?</blockquote>Ok, lets see if I can explain how I do this for multiple domains via a gateway server.&nbsp; Here are the domains I host on my gateway server.&nbsp; All of the domains are registered to the same IP address (209.128.94.2) of my router and port forwarded to my system running Mercury/32 (192.168.1.2).&nbsp; All SMTP mail from the outside world comes in via the gateway server. &nbsp;[Domains] stephens: stephens stephens: [209.128.94.2] stephens: mail.tstephenson.com stephens: tstephenson.com stephens: [192.168.1.2] dm=merwin: merwin-tstephenson.com&nbsp; (Windows system using mn-win.dll) dm=ubunto: linux-tstephenson.com&nbsp; (Ubuntu v8.10 &amp; Wine) stephens: dyndns-tstephenson.dyndns.org dm=merwin: merwin.dyndns.org daemon:c:\mercury\mercfwd.dll;[192.168.1.3]: novell-tstephenson.com&nbsp; (Netware v3.2 Mercury.NLM) daemon:c:\mercury\mercfwd.dll;[192.168.1.153]: xampp.from-ca.com (Windows laptop with XAMPP install) The domains with stephens: are handled on the local server.&nbsp; The domains with dm= are domain mailboxes and are forwarded off to another server using the program WSMTPEx;&nbsp; the domains with daemon: are forwarded off to the other host by the daemon to Mercury residing on the specified IP address.&nbsp; Each of the other systems is a separate Mercury host running on the LAN but they could be located anywhere since the messages are being send via SMTP.The forwarding to the other server is always by IP address since the DNS points the domain to this server.FWIW, the simple domain rewrite and the daemon require you to be using MercuryE End-to-End server for sending; the program WSMTPEx is a SMTP client so it sends the mail by itself directly to the other host not using Mercury at all. [/quote]

Related Topics

Pending draft

Confirm move posts

Insufficient permissions

Select a different topic

Edit history