Koozali.org: home of the SME Server

Ciphermail running "in front" of SMEServer

Offline brianr

Ciphermail running "in front" of SMEServer
« on: June 28, 2018, 11:59:45 AM »
I am looking at using the Ciphermail product to pre and post process email sent and received through SMEServer (acting as a gateway)

I can see how to get the Ciphermail server to post process email by setting it up as an "SMTP Server" under email settings in the Server Manager.

In order to get email delivered initially to the Ciphermail server I could switch the SMEServer to a non gateway server and put a router in front of both, and port forward port 25 to the Ciphermail server which will then deliver the email to the SMEServer but I'd rather keep the SMEServer as a gateway, so I am wondering how to forward port 25 from the SMEServer to the Ciphermail server and then deliver the processed email back to the SMEServer on a different port.
Brian j Read
(retired, for a second time, still got 2 installations though)
The instrument I am playing is my favourite Melodeon.
.........

Offline William R H

Re: Ciphermail running "in front" of SMEServer
« Reply #1 on: June 28, 2018, 02:05:38 PM »
I am looking at using the Ciphermail product to pre and post process email sent and received through SMEServer (acting as a gateway)
...

some thoughts...

What we are trying to do is put Ciphermail as an email encryption gateway in-between SME Server and the world. It would seem to do all the wonderful things I wanted in my posting of "How to supplement email from a very primitive client?"

It is running in a VM that relies on SME Server in another VM for routing.   

We don't want the email processing of SME Server to be altered in any way.

So on SME Server "Address of Internet provider's mail server" will do ok for outgoing email - shovelling it all out to Ciphermail which sends it out to external SMTP servers without any issues. The only gotcha there is to make sure that SME Server doesn't proxy the SMTP traffic after Ciphermail processing?

Incoming remote can be done surely by port forwarding? so e.g. incoming port N traffic is forwarded to the Ciphermail gateway then having been processed there is sent back by Ciphermail to say port M which is forwarded to localhost port N where SME Server does its normal thing - spamassassin, clamav, procmail, IMAP folders and all.

All that is needed to make that work is that Ciphermail outgoing port numbers should be customisable?

William
« Last Edit: June 28, 2018, 02:15:17 PM by William R H »

Offline ReetP

Re: Ciphermail running "in front" of SMEServer
« Reply #2 on: June 28, 2018, 03:31:03 PM »
At a guess you can modify the smtpd port here:

smtpd=service
    Authentication=enabled
    Instances=40
    InstancesPerIP=5
    MaximumDateOffset=0
    PatternsScan=disabled
    Proxy=blocked
    TCPPort=25
    TCPProxyPort=25
    VirusScan=enabled
    access=public
    status=enabled
    tnef2mime=enabled

Probably need a good root around the wiki for more information
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline brianr

Re: Ciphermail running "in front" of SMEServer
« Reply #3 on: June 28, 2018, 03:43:02 PM »
At a guess you can modify the smtpd port here:

smtpd=service
    TCPPort=25
    TCPProxyPort=25

Probably need a good root around the wiki for more information

That will do the part that receives the email from the ciphermail server, but I still need to receive incoming email on port 25 from the internet on the smeserver, and pass it to the ciphermail server.

Would the normal port forwarding on the SMEServer allow us to forward port 25?

Offline ReetP

Re: Ciphermail running "in front" of SMEServer
« Reply #4 on: June 28, 2018, 07:47:34 PM »
That will do the part that receives the email from the ciphermail server, but I still need to receive incoming email on port 25 from the internet on the smeserver, and pass it to the ciphermail server.

Would the normal port forwarding on the SMEServer allow us to forward port 25?

I *think* that is the smtp server listening port.

If you check /var/service/qpsmtpd/run you will see

Code:
exec /usr/local/bin/softlimit -d ${SOFTLIMIT:-25000000} -s ${SOFTLIMIT:-25000000} -l ${SOFTLIMIT:-25000000} \
  /usr/bin/qpsmtpd-forkserver \
  -u qpsmtpd \
  -l 0.0.0.0 \
  -p ${PORT:-25} \
  -c ${INSTANCES:-40} \
  -m ${INSTANCES_PER_IP:-5}


Look at runev in the same directory

Code:
# This templated file is sourced by the qpsmtpd run
# file. Shell variables can be set here for use by the run
# script, or environment variables can be exported for use
# by qpsmtpd.
INSTANCES=40
INSTANCES_PER_IP=5
export PATH=/var/qmail/bin:/bin:/usr/bin:/usr/local/bin
export PORT=25
SOFTLIMIT=25000000
export TCPLOCALHOST=esmith.


I believe that is picked up from the smtpd settings. Try changing it and signal-event email-update and then have a check with netstat


Offline brianr

Re: Ciphermail running "in front" of SMEServer
« Reply #5 on: June 29, 2018, 12:19:37 PM »
I believe that is picked up from the smtpd settings. Try changing it and signal-event email-update and then have a check with netstat

Yes, got it changed, however the "signal-event email-update" was not sufficient - it needed a reboot to change.

Offline ReetP

Re: Ciphermail running "in front" of SMEServer
« Reply #6 on: June 29, 2018, 02:06:22 PM »
Yes, got it changed, however the "signal-event email-update" was not sufficient - it needed a reboot to change.

OK - it may be that the smtpd server didn't restart correctly. Sometimes I think you have to send it something like 'sv -something' to get it to properly restart.

Let us know how you get along....

Offline brianr

Re: Ciphermail running "in front" of SMEServer
« Reply #7 on: July 01, 2018, 11:20:13 PM »
Got incoming email working now. Forwarded port 25 to the ciphermail appliance, and set it to forward to port 125 on the SMEserver and modified SMEServer smtpd to listen to port 125 by changing the smtpd/TCPPORT config and then email-update then reboot.

Everything seems to be working.

Will now do it for my client, and he can play with the S/Mime and GPG signatures etc.
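
Added example, not part of any post in this thread: a shell check for the situation in Replies #5 to #7, where the configured port changed but the listener only moved after a reboot. It compares the `export PORT=` value in the templated env file with saved `netstat -tln` output; the function names and sample data are constructed for illustration, and ports 25 and 125 are the ones used in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: detect a qpsmtpd listener that did not
# follow a TCPPort change. Inputs are the templated env file quoted above and
# saved `netstat -tln` output; the sample data below is constructed.

# Print the port from the `export PORT=` line of the env file.
configured_port() {
    sed -n 's/^export PORT=\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Exit 0 if the netstat output in file $2 has a LISTEN socket on port $1.
is_listening() {
    awk -v p="$1" '$6 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) hit = 1 }
                   END { exit !hit }' "$2"
}

# port_state ENV_FILE NETSTAT_FILE OLD_PORT prints one of:
#   ok      listener is on the configured port
#   stale   config names the new port, daemon still bound to OLD_PORT
#   down    nothing listening on either port
#   unknown no PORT line found in ENV_FILE
port_state() {
    want=$(configured_port "$1")
    if [ -z "$want" ]; then echo unknown
    elif is_listening "$want" "$2"; then echo ok
    elif is_listening "$3" "$2"; then echo stale
    else echo down
    fi
}

# Constructed sample: env file regenerated for port 125, daemon still on 25.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'INSTANCES=40' 'export PORT=125' 'SOFTLIMIT=25000000' > "$d/env"
    printf '%s\n' \
        'Proto Recv-Q Send-Q Local Address   Foreign Address   State' \
        'tcp        0      0 0.0.0.0:25      0.0.0.0:*         LISTEN' \
        'tcp        0      0 0.0.0.0:993     0.0.0.0:*         LISTEN' > "$d/before"
    sed 's/0\.0\.0\.0:25 /0.0.0.0:125/' "$d/before" > "$d/after"
    echo "before restart: $(port_state "$d/env" "$d/before" 25)"
    echo "after restart:  $(port_state "$d/env" "$d/after" 25)"
    rm -rf "$d"
}

demo
```

On the server, save `netstat -tln` to a file and pass it to `port_state` together with the path of the env file shown in Reply #4 and the old port.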

Offline ReetP

Re: Ciphermail running "in front" of SMEServer
« Reply #8 on: July 02, 2018, 12:11:21 AM »
Be good if you can do a wiki page !!

Offline brianr

Re: Ciphermail running "in front" of SMEServer
« Reply #9 on: July 02, 2018, 12:02:59 PM »
Be good if you can do a wiki page !!

Will do when I get a few minutes...am about to re-implement on my customer, so I'll have it fresh then..

Offline ReetP

Re: Ciphermail running "in front" of SMEServer
« Reply #10 on: July 02, 2018, 01:03:22 PM »
Cool. Thanks Brian.