I have a situation at hand which Im thinking of how to resolve.
Where:
companyA uses ISP-A for internet access at work.
whenever the ISPs address is blacklisted, companyA cannot send emails through their domain.xyz… mail.domain.xyz. This happens frequently and it takes like 4days to resolve each time.
when the ISPs address is blacklisted, companyA cannot visit their webmail addr…as their ISPs address gets filtered by their webhosting provider.
I have setup a VMIN server to use as a relay, for example: relay.domain.xyz. I dont want to migrate the customers email accounts, just a relay solution which can be used temporarily. CompanyA has about 70-email users. Users can just change their outgoing addr whenever the issue happens.
Please advise, is this achievable?
How and what settings can I use
Create a virtual server with the domain of CompanyA. Then create users in Virtualmin such that every email address that CompanyA uses is also created in the virtual server in Virtualmin.
Once this is done, just configure the email client of each user of CompanyA to use the Virtualmin server as the outgoing server.
This will solve your problem of blacklisted IP address.
Additionally you will have to edit the SPF record for the domain of CompanyA as will as DKIM etc to permit the Virtualmin server to deliver mail for the domain.
@calport
Thanks for your response.
Just to confirm / clarify:
CompanyA has about 70-email-users which they manage via Cpanel provided by their webhost.
I have setup a virtual server with the domain of companyA… relay.companyAdomain.tld
Do you mean I need to create each of their 70-users on the virtual server?
what happens where they add a new user emailID between months of using the relay server as their outgoing addr(MS outlook) and Im not aware / the new user is not created on the virtual server…meaning he/she would be able to use the relay next time their IP gets blacklisted.
No need for Virtualmin, just setup a secure outgoing email server and then use it as a smarthost for the original server. No need to create individual accounts etc.
I had imagined companyAdomain.tld would be set up as a virtual server in Virtualmin, not relay.companyAdomain.tld
Yes.
I had imagined that whoever was using Cpanel to create email addresses would also take the additional step to create the corresponding email address in Virtualmin. This would be the simplest but labour intensive way to achieve the sort of relaying that you want.
Virtualmin has APIs which could be used to automate this, if you feel it is necessary to do so.
Update on the above: I have setup a mail-server using VMIN for the enduser: companyA, however, it is sitting locally with them. Reason is, their webhosting HD capacity is eaten up by emails. Now, they have more space, has been running a couple of days.
However, the ISP IP-address possibly getting blacklisted remains the same.
I’m setting up the remote virtual server now. What settings will make this server a smarthost for the other server local that is at companyA.
Also, what settings do I change on the server local to companyA to make it route all mails through the smarthost?..
Surely this comes down to the question why is CompanyA’s current IP being blacklisted.
The reason has to be that a user on their existing IP is spamming or the web content is being reported as offensive/abusive/illegal. they should be identifying the reason by contacting the blacklist and requesting removal (assuming that it is not a user) and by providing evidence.
If it turns out to be a user/employee then they need to educate/dispense with the user.
Simply transferring the problem to a new server (a nice clean IP is valuable and becoming a vey scarce resource) too many are on blacklists already. If content or spammy user is the problem your nice squeaky clean IP is going to be blacklisted very fast.
Thanks. Your comments are well received. An IP could be blacklisted for several reasons. It could be the immediate users fault: spam as you say, but it might not be.
Several times, organizations that publish spam-lists could list a whole pool of IPs…/24 for example…for their own internal system valid reasons of course. It doesnt mean that every individual user in the pool is guilty of spam. Maybe a good number but so many will be guilty just by association…of having an IP belonging to the same blacklisted pool… Ofcourse the ISP has work to do, and most times, the end-users suffer.
I’m only interested in 1-enduser, and I dont know/have control what goes on in their ISP.
Thats why I’m asking questions, hoping to find answers to a problem.
Create your remote mail server, check that it’s IP isn’t in any blocklists.
Make firewall rules to only allow SMTP (port25) from your origin server.
On the origian server, go Webmin, Servers, Postfix Mail Server, General Options then first line under Other General Options is:
Send outgoing mail via host. Set it to your remote mail server.
Apply SPF, DKIM, DMARC as you see fit.
Keep in mind that any spam from your origin server could cause your remote server to get blocklisted, so you really need a way to manage junk, virus, attacks etc.
Now I have vminserver#1(domain1), vminserver#2(domain2) and vminserver#3(domain3) in my lab setup. Each has a virtual server with above domains.
Each can send mails to each other; server to server, and each can receive from one-another.
I want to send mails from vminserver#1 through vminserver#2 to vminserver#3…at least to see how things work locally first.
In vminserver#1
in Postfix MS >> general options >> first line >> outgoing mail via host is updated as mail.domain2 dotcom
in SMTP authentication and encryption, what login do I use for the outgoing mail host?
I created a user in vminserver#2(domain2 dotcom) and used the credentials in vminserver#1(smtp authentication and encryption). When I send a mail from vminserver#1, it bounces with the error: relay (access denied)
what other settings do I need to get my setup running?