[tech] IronPort migration

James Arcus jimbo at ucc.asn.au
Fri Apr 7 10:12:33 AWST 2023 

Ok, final update (I promise).

UCC mail domains are now all receiving mail via forwardemail.net to 
mailfish, and sending out directly from mailfish.

Additionally, I've enabled SRS to make sure envelope senders match the 
domain of the mail server (mailfish) that's sending all our email. I'm 
not 100% whether it's necessary (and allegedly, some providers are 
happier if you /don't/ do it), but it is the recommended behaviour when 
forwarding email. At the very least, we need to have /some/ awareness of 
SRS, because forwardemail.net is doing it to all our received mail 
themselves.

As before, let me know if you spot anything unusual, or any expected 
mail seems to be missing.

Cheers,

James [MPT]

On 6/4/23 21:56, James Arcus wrote:
> Hi all,
>
> This project is now in full flight, with most UCC domains being 
> migrated to send outbound directly from mailfish.
>
> We're still restricted on receiving mail in directly on port 25, so 
> for now I'm migrating our MX records to use forwardemail.net to bring 
> mail in on a TLS mail port. There's a little bit of hackery involved 
> to map domains between the ones used for forwarding (delivery.ucc.*) 
> vs. the real ucc.* domain, but it's working fine as far as I can tell.
>
> Please let me know if you have any trouble sending any mail, or any 
> mail you expect to receive doesn't show up or takes an unexpectedly 
> long amount of time to arrive.
>
> Cheers,
>
> James [MPT]
>
> On 16/2/23 17:23, James Arcus wrote:
>> Hi all,
>>
>> Just a quick update on the progress of preparing to migrate away from 
>> the UWA IronPorts.
>>
>> Following some further discussion with Daniel from UWA IT, and a 
>> check of the firewall rules in place, we've decided that it will be 
>> better for us to send mail outbound directly from UCC, instead of 
>> paying for a commercial relay service.
>>
>> I've asked for reverse DNS records to be added for the IPs we're 
>> planning to use for our mail servers. Once that's complete, we can 
>> begin testing and migrating away from using `smtp.uwa.edu.au` as our 
>> mail relay host.
>>
>> I'll let people know when we are ready to start, because we'll need 
>> to keep an eye out for any increase in rejections or mail being spam 
>> filtered.
>>
>> Cheers,
>>
>> James [MPT]
>>
>> _______________________________________________
>> List Archives: http://lists.ucc.asn.au/pipermail/tech
>>
>> Unsubscribe here: 
>> https://lists.ucc.gu.uwa.edu.au/mailman/options/tech/jimbo%40ucc.asn.au
> _______________________________________________
> List Archives: http://lists.ucc.asn.au/pipermail/tech
>
> Unsubscribe here: 
> https://lists.ucc.gu.uwa.edu.au/mailman/options/tech/jimbo%40ucc.asn.au
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ucc.gu.uwa.edu.au/pipermail/tech/attachments/20230407/849183a6/attachment.htm>

More information about the tech mailing list