Re: [Hampshire] Re: TRYING to set up my own simple mail serv…

Author: Stephen Nelson-Smith
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] Re: TRYING to set up my own simple mail server? Can anyone help?
Hi,

On Mon, Jul 28, 2008 at 2:03 AM, Jason Butwell <jmbits@???> wrote:

> The idea
> is to be able to send emails around the office along with big attachments...


<rant>
Why do people insist on using SMTP to send "big attachments" - there
are far more effective and reliable mechanisms available, such as ftp
to do this.
</rant>

> and to be able to accept individual email from the outside world and to be
> able to send email to the outside world via the ISP's smart host if possible
> so they can handle the spamming/abuse issues, etc.


Not sure I follow you here. The only thing you are using the ISP for
is *sending* email from your own domain. They're not receiving your
email, and we assume you won't be sending spam or abusing the system.

> It is necessary for the
> individuals to be able to get their email via web interface such as
> SquirrelMail and Outlook would be welcome too if possible.


Beware Outlook / Entourage. They have significant problems with
handling secure SMTP.

> I wanted SpamAssassin and ClamAV installed to take care of any crap that comes in.


OK.

> My domain name is jmbit.co.uk and my dyndns is jasybee2000.ath.cx, obviously
> it wasn't bob.co.uk as mentioned earlier as that was an example and not to
> reveal the real addresses but I am now doing so here to alleviate the
> confusion of someone saying don't use that domain as it belongs to someone
> else. Erm, well yeah! obviously! My name is Jason so why the hell would I
> have a domain called bob.co.uk! Thought that was obvious!


As a general rule of thumb, avoid example/bogus information unless it
is truly a requirement for privacy / security.

> I have already had a word with a friend who knows a bit about this and he
> has informed me that using a combination of a dyndns.org name a real domain
> name should not be a problem.


As Vic says, I think you should probably do a bit of reading about
DNS. The concepts are fairly simple, but underpin most of what you
are doing.

> He basically told me to change the DNS
> settings on the jmbit.co.uk domain to the following:
>
> A, CNAME and TXT records
> Name    Type    Content.
> @ A 194.154.164.82 (unchanged)
> mail CNAME jasybee2000.ath.cx.
> www A 194.154.164.82 (unchanged)
>
> MX Records
> Name    Priority
> jasybee2000.ath.cx. 10
>
> Does anyone agree with this?


It's very simple. You need to tell DNS the location of the server
that handles email for the domain jmbit.co.uk.

How are you going to do that? Well, if jasybee2000.ath.cx resolves to
the external IP address of your ADSL router, from which the relevant
ports will be forwarded to your mail server, then the Mail Exchanger
(MX) record should be jasybee2000.ath.cx.

There's no requirement for the CNAME - you can call your mailserver
arse if you like, or just use its actual name. Calling it something
sensible like mail is a good idea, though, if people are going to be
using a webmail client, and so they can enter something obvious in
their mail clients. If users need to be able to access the mailserver
from outside the office, you do need it to be handled by 123reg's DNS
servers, otherwise you could just manage it internally.

> I am not sure as to whether the mail relay to smtp.ntlworld.com is
> going to work but I can telnet into it no problem so I presume their
> mailserver smtp is open?


If the only place from which it is used is an ntlworld-provided IP, it
will work. What will almost certainly not work is attempting to relay
through that mail server from a non-ntlworld IP, such as from a
different office or 3G card.

> My friend informs me I have to call the box mail


As mentioned - this is convenient, but not required.

> and update the hosts file
> to include mail.jmbit.co.uk pointing to its internal IP as well?


Not strictly, if DNS knows about mail.jmbit.co.uk.

> Please no more flaming my efforts


There was absolutely no flaming. You'll get best results by providing
sufficient detail (not "it won't work", but "when I try to connect to
my mailserver, it asks for authentication - where do I configure
this?"). For the win: What (exactly) did you do? What (exactly) did
you expect? What (exactly) happened? How did what happened differ from
what you expected?

> I am really trying to understand this here! Someone give me some
> credit at least!


You're unlikely to get credit. You might get a bit of respect if you
get it all running well, and perhaps contribute a how-to to the wiki.
Also if you begin to ask smart questions [1] people will begin to take
your case more seriously and be prepared to spend their time helping
you.

I'm concerned you've not considered a few things so far.

Firstly, you haven't mentioned how users are going to retrieve their
email. Where from? Are they wedded to using their current email
clients (ie must you support Outlook)? Will you use POP3 or IMAP? Is
this only ever inside the office? What about security of emails and
passwords?

Secondly, you appear not to have a backup MX. Is your server hardware
very reliable? With multiple power supplies? Do you have a UPS? Is
the power in your office reliable? Is the router reliable and not
prone to dying over the weekend? If your mailserver dies, you may
lose mail, you will lose time, and cause your company considerable
pain. Do you plan to offer any service guarantees? If this is a
commercial company, you're setting yourself up for a support headache,
as everyone considers email to be an absolute necessity. That's fine
if you're the sysadmin, you get paid well, and you have the expertise
to build a resilient system. With respect, it sounds like you lack
that expertise at the moment, and I suspect you're doing this out of
interest / love / desire to learn. That's to be encouraged, but be
careful not to get into trouble. When your colleagues lose access to
email when you're on leave, and no-one knows how to fix it, you're
going to be pretty unpopular.

Thirdly, how do you plan to back up your emails? I'm sure you've
thought of this, but again, try to make sure it is reliable and
automated, not dependent on you. Also, backups aren't backups if
they're on the same site. Think about that :)

I'd suggest you have a chat with whoever holds the budget for this
project, and establish what sort of service agreement they expect.
They will expect something, even if it is implicit. If it is high
(it's likely to be), then you may want to reconsider - hosted exchange
platforms are incredibly cheap. There's a trade-off - you won't learn
anything, and you won't have control over it, but it is
cost-effective, and someone else gets the call at 0200 hrs when it
doesn't work. You could also consider finding someone / some company
who will help you set this up, but provide training and documentation.
That shares the load, and may get you a more reliable solution. It
also means you get to learn "on-the-job" from someone who's done it
lots of times before.

Good luck, and feel free to ask more questions.

S.

[1] http://www.catb.org/~esr/faqs/smart-questions.html
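
Added example, not part of the original message: an offline sanity check of the DNS records proposed in the thread, covering the points raised above about the MX target and the missing backup MX. It goes slightly beyond the email by also rejecting an MX that points at a CNAME (RFC 2181 section 10.3). The zone text layout and the function names are assumptions made for this illustration.

```python
# ZONE is constructed from the record table quoted in the email,
# written in a simple "name type rdata" layout (an assumed format).
ZONE = """
@     A      194.154.164.82
mail  CNAME  jasybee2000.ath.cx.
www   A      194.154.164.82
@     MX     10 jasybee2000.ath.cx.
"""

def fqdn(name, origin):
    """Expand a zone-file style name to a lower-case absolute name."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, type, rdata fields) for every record line."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            records.append((fqdn(fields[0], origin), fields[1].upper(), fields[2:]))
    return records

def check_mail_records(text, domain):
    """Return (level, message) findings about mail delivery for domain."""
    origin = domain.lower().rstrip(".") + "."
    records = parse_zone(text, origin)
    cnames = {o for o, t, _ in records if t == "CNAME"}
    addrs = {o for o, t, _ in records if t in ("A", "AAAA")}
    mx = sorted((int(r[0]), fqdn(r[1], origin))
                for o, t, r in records
                if t == "MX" and o == origin and len(r) == 2)
    findings = []
    if not mx:
        findings.append(("error", f"no MX record for {origin}"))
    for _prio, target in mx:
        if target in cnames:
            # An MX must name a host with address records, not an alias.
            findings.append(("error", f"MX {target} is a CNAME (RFC 2181 s10.3)"))
        elif target == origin or target.endswith("." + origin):
            if target not in addrs:
                findings.append(("error", f"MX {target} has no address record"))
        else:
            # Cannot be verified offline: the name lives in another zone.
            findings.append(("check", f"{target} is outside the zone: "
                             "confirm it resolves to the router's public IP"))
    if len(mx) == 1:
        findings.append(("warn", "single MX: no backup mail exchanger"))
    return findings
```
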