Mail server (ispconfig) ... with relay host (frontend, Porxmox mail gateway) : possible ?

Discussion in 'Installation/Configuration' started by ledufakademy, Aug 14, 2020.

  1. ledufakademy

    ledufakademy Member

    Hello,
    i'm going to install complete webhoster with ispconfig.
    Few questions :
    1. Can i leave all my server with an internal FQDN, serverX.webhoster.local ? (mail server included ?)
      (for dns, databse, web, webmaster - panel - it seems to be ok ... but for ISPConfig mail server ... hummm)
    2. Do you see any issue with HAproxy as frontend, loadblancer to ISPconfig stuff ?
    3. Do you see any issue with Promox Mail Gateway (smtp 25-26 filtering solution) as frontend : relay host infact ! ?
    Thank you?

    I friendly share our , infra. schema design. (IP adress will be changed)
    For those who want to build their own ... ;-)
    Capture d’écran du 2020-08-14 16-56-23.png
     
  2. ahrasis

    ahrasis Well-Known Member

    This is more on a load balancing setup rather than ISPConfig, so have you tried searching or asking assistance in the relevant forum(s) instead?

    In my view, any machine(s) / device(s) that are doing load balancing should work fine infront of ISPConfig server(s) provided you know how to set it up properly.

    If you search howtoforge tutorials you may find few of the setups shared, however, its setup has nothing to do with ISPConfig.
     
  3. ledufakademy

    ledufakademy Member

    the question is about let's encrypt stuff in ispconfig ... for haproxy.
    i will use req.sni in order to route http request to the correct web server.
     
  4. ahrasis

    ahrasis Well-Known Member

    I can't find anything related to Let's Encrypt in the opening post of this thread or its title.

    Regarding proxy, there is a thread sharing a working Let's Encrypt using nginx as reverse proxy, which I think is related, so do dig the forum.

    Again, such setup has nothing to do with ISPConfig.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    I see no reason to do that. Many providers put ISPConfig in front of other mail solutions as a filter, so putting a filter in front of ISPConfig makes no sense to me as it won't give you any benefits.
     
  6. ledufakademy

    ledufakademy Member

    attacks, and monitoring are against relay, in dmz , ispconfig frontend mail server are safe .... just
    for that :
    upload_2020-8-19_17-25-26.png
     
    Last edited: Aug 19, 2020
  7. ledufakademy

    ledufakademy Member

    and finally :
    upload_2020-8-19_17-27-6.jpeg
     
  8. ledufakademy

    ledufakademy Member

    ispconfig seems to have no way to manage via webgui quarantine, postscreen etc like pmg, but perahps i'm wrong ?
     
    Last edited: Aug 19, 2020
  9. Jesse Norell

    Jesse Norell ISPConfig Developer ISPConfig Developer

    No, but there is a gui that comes with rspamd and it's possible that would (and certainly possible it doesn't, I haven't used it yet).
    No, not yet. I use and heartily recommend it, and there is some example config floating around if you want to set it up manually, but there's not any configuration in the ui nor installer for it. (Same status for postfwd, fwiw.)
     
  10. ledufakademy

    ledufakademy Member

    ispconfig seems to be a very good mail backend (submission, imap, pop) , but i planned to put hardenned frontend : proxmox mail gateway for smtp (25) trafic.
    perhaps this is not recommended.
    ?
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    You will lose most of the spamfilter capabilities in ISPConfig and other things, so I won't do that if I were you and ISPConfig is actually used as a security and spamfilter system in front of other mail servers, so it does not make much sense to weaken ISPConfig by putting a proxmox mail server in front of it.
     
  12. ledufakademy

    ledufakademy Member

    ok till.
    thank you for your precious advices.
    but : i lost all our web gui for mailing stats, managing, quarantine ...
    how'can i monitor mail activity with ispconfig ?
    that's sad.
     
  13. Th0m

    Th0m ISPConfig Developer ISPConfig Developer

    As said before, you can use rspamd
     
  14. ledufakademy

    ledufakademy Member

    ok.
    is it hard to use/install rspamd after mail server installation (i follow step by step th ispconfig manual) or must i reinstall mail server ?
    ours servers database, and data are empty now.
     
  15. till

    till Super Moderator Staff Member ISPConfig Developer

  16. ledufakademy

    ledufakademy Member

    thank you till, i just discover it ! :D

    note: i'm surprised to see that we must install dns service on mailserver ... (unbound)
    edit : rspamd, seem to be well integrated to ispconfig, just one world ... COOL.
    ... and the web gui powerfull.
    all those things sounds good.
     
    Last edited: Aug 19, 2020
  17. ledufakademy

    ledufakademy Member

    another question : is there a problem if i call mail servers ...
    mail1.domain.local and second mail2.domain.local ?
    mx names in dns are mail1.domain.com and mail2.domain.com (those are the exposed internet name)
     
  18. Jesse Norell

    Jesse Norell ISPConfig Developer ISPConfig Developer

    For a system name you can use bogus names, but then you'll need to configure your mail system to use a real hostname when talking to others, as many places block mail from systems that don't have/use valid dns names, so it just creates more work. Using .local in particular is a bad idea, as eg. on some systems here, even though we don't block for no reverse dns, I have explicitly blocked .local for years, along with many other commonly abused names.
     
  19. ledufakademy

    ledufakademy Member

    hum, that sound not good for me. all my ispconfig server 3 web server, 3 database server, 2 dns server , 1 panel server are all setup with domain.local : the two mail servers includes.
    our real domain name e.g. domain.com, is already in use for our actual web hosting system. And this why i decided to use a "local" domain fqdn.
    in order to migrate ...
    and i was except ispconfig mail server can hide their real name here (mail1.domain.local, or mail2.domain.local) with client domain one ... that's what we are doing with are mail infrastructure in use.
    what are you suggest us ?
     
    Last edited: Aug 20, 2020
  20. Jesse Norell

    Jesse Norell ISPConfig Developer ISPConfig Developer

    Try setting myhostname to the real DNS name and check that the .local name doesn't get used anywhere.

    It still doesn't make much sense to me to use a fake name, when as you said you have a real hostname allocated to each server in DNS already. Hosting the real domain website doesn't affect using a server hostname from that same domain for your servers.
     
    ahrasis and Th0m like this.

Share This Page