Lähettäjä: W B Hacker Päiväys: Vastaanottaja: exim users Aihe: Re: [exim] exim front-end to barracuda
Jay Parker wrote: > On Mon, Nov 9, 2009 at 1:05 PM, Mike Cardwell
> <exim-users@???> wrote:
>>>>> We have been using a Barracuda spam appliance delivering to a local mail
>>>>> system, and are migrating to hosting user email with Google Apps. We
>>>>> will be migrating users gradually, and [...] decided to point our MX records to
>>>>> a "front-end" exim box that could do LDAP lookups for recipient
>>>>> addresses and send email either directly to Google Apps or to the local
>>>>> system via the Barracuda.
>>>> Why not ask Barracuda to forward some of the emails they receive to
>>>> Google, and skip the local router?
>>> The Barracuda appliance can't do routing based on the local-part, only
>>> based on the domain. So whatever it does, it does for our whole email
>>> domain (subject to individual user preferences). Hence my desire to
>>> front-end it with something more flexible...
>> Why don't you just switch the two servers around so mail hits the
>> Barracuda box first, which then passes it on to the Exim box, which then
>> decides if the mail should end up at Google Apps or your local mail
>> system...?
>
> That is very likely what I'm going to end up doing.
>
> I was trying to avoid it so that email for users who have been moved
> to Google wouldn't be spam-filtered twice (by the Barracuda and then
> by Google), using different policies and with different procedures for
> quarantine maintenance. My current thinking is to do as you suggest,
> and see if there is any way to script an nightly update of the
> Barracuda user preferences so that users who have been moved to Google
> are individually exempted from the spam scanning. Not having to build
> that nightly process seemed to justify the hassle of running the
> front-end Exim box, but that was before I appreciated the backscatter
> implications.
>
> Most of my other questions about identifying and filtering bounce
> messages are intended, at most, as a temporary workaround for a few
> days while I test this new configuration. Even if they have no
> practical application, Exim is such an incredibly flexible tool that I
> was surprised to find something relatively simple that I couldn't
> figure out how to make it do. I'm assuming the fault is mine and not
> Exim's, and I'd love to correct my ignorance.
>
> Thanks,
>
> -jbp
>
Not your ignorance so much as overlooking something very basic.
OF that I am, I sometimes DO wear both 'belt and braces'. But never two belts or
two sets of braces at the same time.
Both Barracuda and Exim need to be 'first in line' at the point incoming traffic
arrives to do their best work. Both also benefit from being 'last in line' as to
final disposition, though that part is more flexible.
As they cannot BOTH be first, putting either one behind the other cripples a
portion of the best features of whichever comes second and increases your
admin/configuration complexity by more than you can gain in effectiveness.
Putting wheels on a boat, so to speak. It is done, but the result suffers by
comparison to either parent.
Better to pick the ONE that is the closest match to your overall needs, learn
all that you can about how to most appropriately deploy it, and keep your focus
on that expertise.