Results 1 to 7 of 7

Thread: Zimbra's Default Behaviour over LAN

  1. #1
    Ivand is offline New Member
    Join Date
    May 2010
    Posts
    3
    Rep Power
    5

    Default Zimbra's Default Behaviour over LAN

    Hello

    Im new to Zimbra and i'm gonna install it for a midsize business (150-200 accounts). Im just worried because of the characteristics of our setup.

    It is a rather far office (20kms away from the nearest city) and because of that we cant get hi-speed internet.

    I want to be able to send emails to the outside world, not only the domain (companyname.com).

    So the question is, is it possible for emails sent to user@companyname.com to be send over the lan, not the Internet connection, and only have emails sent to other outside domains (user@gmail.com) leave the LAN?

  2. #2
    imx
    imx is offline Special Member
    Join Date
    Jun 2009
    Posts
    131
    Rep Power
    6

    Default

    Anything that is local to the server wont leave the server, its pointless sending mail out to the wider internet only for it to come back again

    However, bear in mind that you cant control spammers - or certainly not their use of your bandwidth. If bandwidth is limited, id look in to rate limiting connections via iptables, to prevent unnecessary hammering of your server; although youre still at the mercy of the spammers themselves.

    Why not colocate the server? Depending on the the mail traffic/users im sure the web gui based traffic would be lower that running the server locally.

  3. #3
    Ivand is offline New Member
    Join Date
    May 2010
    Posts
    3
    Rep Power
    5

    Default

    so, basically if user a sends an email to user b (both in the same LAN), other than to resolve the domain, the email doesnt leave the LAN?

    I dont have a problem with bandwidth consumption, the problem is speed. I dont think i will have a spammers problem since most emails will be for internal use only.

    Also, colocation is not an option since is a government institution and the security guidelines mandate that emails cant be hosted anywhere else other than the institution
    Last edited by Ivand; 05-30-2010 at 12:44 PM.

  4. #4
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,566
    Rep Power
    57

    Default

    Quote Originally Posted by Ivand View Post
    so, basically if user a sends an email to user b, other than to resolve the domain, the email doesnt leave the server?
    That would be correct.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    imx
    imx is offline Special Member
    Join Date
    Jun 2009
    Posts
    131
    Rep Power
    6

    Default

    Unfortunately, you cant control your users or where their email addresses end up - hence spammers will always pick up email addresses.

    But, that aside, youre going to have to open port 25 ingress to your mail server - unless you use some intermediate processing solution elsewhere, but youve said thats not an option - spammers will just nail port 25, hence my suggestion to rate limit connections per source IP in iptables.

    Also, using something like fail2ban, to process the zimbra/postfix log files to then silently drop any future ingress traffic from specific ip's where a postfix 554/550 error is given. I was seeing well over 300K a day of relay denied traffic, on a very small installation, fail2ban had this down to about 200 per day, instantly. Using the basic fundamentals of TCP, if you stop traffic prior to the initial 3 way handshake, ie all you receive is SYN not the subsequent ACK and traffic because your firewall is dropping it, your bandwidth requirements will drop substantially.

  6. #6
    Ivand is offline New Member
    Join Date
    May 2010
    Posts
    3
    Rep Power
    5

    Default

    also, is there any user policy to not allow an user to send emails to other domains other than the @companyname.com one?

  7. #7
    imx
    imx is offline Special Member
    Join Date
    Jun 2009
    Posts
    131
    Rep Power
    6

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 0
    Last Post: 11-24-2008, 12:27 AM
  2. Replies: 45
    Last Post: 11-28-2007, 06:39 PM
  3. Perdition not restart !!!!
    By olibite in forum Administrators
    Replies: 2
    Last Post: 05-22-2007, 03:50 AM
  4. perdition won't start after 4.5 Upgrade
    By freeformz in forum Administrators
    Replies: 1
    Last Post: 01-29-2007, 07:39 PM
  5. Replies: 4
    Last Post: 11-08-2006, 12:14 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •