Is Scalix the right solution for this scenario ?
Posted: Tue Jan 23, 2007 8:21 am
by ssrini
Pardon this question in case it has already been answered before, but a search of the forums could not get it.
Our setup is that our web host is also providing email facilities on our domain and this is sufficient for us. However:
1) To optimize the situation wherein employees mailing each other and sending attachments are not unnecessarily sent out over the internet and then downloaded again we would like to run our own solution
2) Also to get calendar functionality
3) We would like to leave our domain mail server on the hosted account as we cannot be sure that our internal server will be up 24 hours.
Question:
Can Scalix be configured so that :
1) It runs on our internal n/w and passes on emails between employees locally.
2) However when the mail is to external parties, the mail needs to be routed through our hosted SMTP server
3) Also mails from the external mail server need to be downloaded via POP3 or IMAP
This gives the advantage of a 24 hour available mail server on the internet and an internal server (Scalix ?) that would provide the rest of the groupware features and seamlessly handles the internet relay traffic.
Is such a solution possible to be implemented with Scalix ? All help is appreciated
Regards
S
Posted: Tue Jan 23, 2007 5:55 pm
by kanderson
It's a bit ugly, but you could do it.
Use fetchmail to retrieve user emails from the external server. This will require one by one config for the user's mail retrieval.
Use your ISP's SMTP server as your smarthost for sending.
I will say, this will be annoying administratively, and it will not take long before you just drop the external ISP mail solution.
If email can't reach your server, it will queue on the sending side for several days before there is an issue. During that time, it will repeatedly try to send the message to you.
Posted: Wed Jan 24, 2007 11:36 am
by ssrini
1) Reason why we want to leave the main mail on our hosting server is that we would run the internal server off a DSL line and want to make sure that in case of line outage, people can still access email remotely via a diff. internet connection.
2) We are looking at a small set of users .. max 10 to start with and may grow to about 20 in a couple of years. Would you still see that as an administrative pain ?
Thanks for your time and attention to this
Cheers
Posted: Wed Jan 24, 2007 1:03 pm
by kanderson
Yes, I still see it as an administrative pain because you'd need to set up email twice for each person. And this will be (at best) a mediocre solution. Remember, your remote users will have their email ripped off the ISP's server and moved to Scalix (at least as I'd envision it), so if you were down, they still wouldn't see their email. Also, you'd need to have 2 places for them to check email. Internal and external. And that again, would be double the workload.
I'd be far more tempted to add a PFsense box, and run 2 ISPs. They don't need to have much horsepower, with 10 users, you'd be fine to just use home-class connections rather than business.
Kev.
Posted: Thu Jan 25, 2007 1:23 am
by ssrini
Hi Kev
Thanks for that input .. really helps. The only reason of having the hosting provider and pulling down emails was even when the internal server is down, we can still Send emails from the Domain. But you are right we can't read emails already pulled down unless they are also left on the server, in which case it leads to more confusion given two sites to check.
Couple more questions:
1) Since you are suggesting that we run the Scalix server as the main server, do you think it's better to not still use the ISP but rather use a Backup MX service ? If yes, can you recommend any you have used or been referred to ?
2) If the local ISP is blocking port 25, how would Scalix handle that ?
Regards
Posted: Thu Jan 25, 2007 2:57 am
by kanderson
I wouldn't use a backup at all, personally. The mail will queue up on the sending side and wait for your ISP to come back online. Unless you have a REALLY bad internet connection, where you expect to be down for several days, you'd be fine without it, in my view. For the cost of a backup MX, I'd get a second ISP connection, that way, the likelihood of having both down is drastically reduced, assuming they're actually different (one DSL, one Cable for example). If you had 2 DSL lines, for example, they MAY be reselling the same circuit, and if it was accidentally dug up, or otherwise cut, both connections would go down. Additionally, with a second ISP, you provide a redundant internet connection to your LAN users as well. Heck, if your ISP allows you to use bonded 56K modems, you could have the equivalent of an ISDN connection, and you MIGHT even find that it was included in the cost of your Broadband connection. That wouldn't fix inbound, but it would address outbound.
In terms of sending, you could still relay outbound messages through somewhere that allowed authenticated connections. I've used Novell's myrealbox, but I assume yahoo, hotmail and gmail would likely all work.
As for blocking inbound port 25, I'd find a different ISP, or at least talk to them about it.
If you mean you can't send out on port 25, just use your ISP's SMTP server as a smarthost relay. That takes the burden of rDNS and stuff off of you anyway.
Kev.
Posted: Thu Jan 25, 2007 5:03 am
by ssrini
Thanks for the tip on the Backup MX server .. The internet is full of blogs that talk about the merits and demerits of having a backup MX server. All Backup MX providers (obviously) talk of the fact that not all MTAs handle this similarly and may even bounce back a message in a few hours and therefore recommend using their Backup MX service. Is that just a sales pitch ?
rDNS was exactly my next question. Would I need to get a static IP and setup rDNS ? (My ISP to my knowledge does not allow relaying mails from a domain via their SMTP server).
My confusion is : Let's assume the domain is abc.com
1) abc.com is currently hosted on a vps webhost with a static ip
2) my Scalix mail server needs to receive all mails sent to abc.com .. does this mean I need to setup an MX record for abc.com to point to my scalix server (via DynDNS)
3) when sending mails I can then relay it via my hosting SMTP server right ?
Thanks
Posted: Thu Jan 25, 2007 1:19 pm
by kanderson
It's worth your time to call your ISP, and tell them that you are thinking about bringing email inhouse. Ask them what would be required to make that happen.
Kev.
Posted: Fri Jan 26, 2007 12:41 am
by ssrini
Hi Kev
I tried just that .. unfortunately they were not able to help. So I need to request you and the forum for some precious time again.
After some more research, I found that I can potentially create another solution. Please let me know if this will work.
1) On the VPS setup sendmail to relay using the /etc/mail/mailertable and the /etc/mail/access files. For eg. assuming my VPS is pointing to abc.com, I can now setup all emails directed to abc.com on my VPS to be redirected to scalix.abc.com
2) Scalix would run on scalix.abc.com on a dynamic IP and would receive all the emails relayed by the VPS on abc.com
3) When sending Scalix would simply do (as you suggested) a smarthost relay via abc.com
This ensures that I don't need to change anything at all (reverse dns, name servers etc etc all work. When my relay server is down, mails also wait at the primary domain. I just need to add an additional A record for my Dynamic IP scalix server)
Will this work ?
One additional question: If I have such a setup will mails within Scalix (amongst the group) when sent to emp1@abc.com and emp2@abc.com, will they get routed out via the gateway or will Scalix manage that smartly and keep it for local delivery (remember Scalix is running as scalix.abc.com) ?
Thanks a ton for your attention to this, really appreciate it
Posted: Fri Jan 26, 2007 12:48 am
by kanderson
That should work.
When you get a license from Scalix, request that it be valid for abc.com and scalix.abc.com.
Before you create any users, add a second domain through SAC, and set your user creation so that they can receive email destined for joe.user@abc.com as the primary, and joe.user@scalix.abc.com as the secondary. As long as the top address is correct, the other aliases will just get dumped in with it. Mail sent out will always go with the address listed first.
For internal only communication, Scalix will handle it intelligently, and in fact, the address will look like this joe user/mailnode. Those messages will continue to be handled internally.
If a user from inside sends mail out, Scalix will drop it to sendmail, which will fail to send, and defer the message. After 4 hours, the user will get a warning notification, but it will continue to wait in the queue for days. As soon as your internet comes back up, the queued messages will be sent (There may be as much as a half hour delay before that starts, but there will not need to be any manual intervention.)
Kev.
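The relay layout agreed on in the two posts above, written out as sendmail configuration. This is an added example, not part of either poster's message; it uses the thread's placeholder names abc.com and scalix.abc.com, a constructed account name scalix-relay, and assumes the VPS sendmail offers SMTP AUTH, because a host on a dynamic IP cannot safely be allowed to relay by address in the access map.

```conf
# ---- On the VPS (abc.com) ----

# /etc/mail/mailertable
# Hand all mail for abc.com to the internal server. The square brackets
# make sendmail use the A record of scalix.abc.com and skip the MX lookup.
abc.com         esmtp:[scalix.abc.com]

# /etc/mail/access
# Accept mail addressed TO abc.com for relaying and nothing broader.
# Do not add a Connect: entry for the DSL address range: the address is
# dynamic, so such an entry would let other subscribers relay through
# the VPS.
To:abc.com      RELAY

# abc.com must not be listed in /etc/mail/local-host-names, otherwise the
# VPS delivers the mail locally and never consults mailertable.
# Rebuild the maps after editing:
#   makemap hash /etc/mail/mailertable < /etc/mail/mailertable
#   makemap hash /etc/mail/access      < /etc/mail/access

# ---- On the Scalix host (scalix.abc.com) ----

# sendmail.mc: send all non-local mail through the VPS as smarthost and
# authenticate to it, so the VPS relays for this one account only.
define(`SMART_HOST', `[abc.com]')dnl
FEATURE(`authinfo')dnl

# /etc/mail/authinfo (mode 600, then makemap hash like the maps above)
# scalix-relay and the password are constructed placeholders.
# PLAIN exposes the password unless the session is protected by STARTTLS.
AuthInfo:abc.com "U:scalix-relay" "P:CHANGE-ME" "M:PLAIN"
```

With this in place, mail queued on the VPS while the DSL line is down is delivered on a later queue run, and the VPS never relays for unauthenticated clients to domains other than abc.com.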
Posted: Fri Jan 26, 2007 1:31 am
by ssrini
Thanks Kev .. that really helps.
Before buying a license I first wanted to check with the Community edition that all works (and later upgrade with the license)
The adding of a second domain etc is all possible with the community edition right ?
Thanks & Regards
Posted: Fri Jan 26, 2007 1:44 am
by kanderson
Testing with community is a good idea.
You can have multiple domains with community.
Upgrading the license is easy and painless.
Posted: Sun Jan 28, 2007 1:04 am
by ssrini
Hi Kev
Got the settings just as you had described. One last step now ..
Since I am behind a router I need to setup port forwarding to the Scalix machine. Can you let me know what all ports I need to forward ? Just 25 or more ?
Thanks & Regards
Posted: Sun Jan 28, 2007 1:30 am
by kanderson
You may need lots, but at minimum, you'll need port 25 to receive email, and port 80 to use the webclient. If you use Outlook through the firewall, you'll (at least) need 5729.
If you search the forum, you'll find other posts describing the other ports you may potentially need. For some more advanced functionality, you'll need a few other ports as well. But this will likely meet your initial needs.
Kev.