Simple fetchmail config
A few hours ago you got called into a meeting with your boss. You were told that the company you're working for just bought another firm and everything needs to be integrated ASAP, starting with unifying email addresses.
Getting the list of employees from the company that was bought is easy. So is creating them on your existing email system. Granting secure access to your network might be a bit trickier. Regardless, these are all out of scope, as our Swedish friends would say.
Let's start with something simple. In this case the company that was bought didn't have its own email server. Instead they were using POP3 to fetch mail from their ISP. To make things difficult, their old domain was registered and hosted by some Eastern European one-man ISP that was not at all co-operative after realizing they were about to lose the email hosting deal. Therefore any forward settings and MX changes were out of the question.
No worries, there's always a workaround. We'll fetch emails from the POP3 server with fetchmail and then feed them to the external-facing side of our own MX. It's probably easiest to place a virtual machine running fetchmail outside your firewall and block ALL inbound connections on the firewall, with the exception of SSH with DSA locked to the specific IP you use for management tasks.
# Create user account used to fetch emails over POP3 from old server
useradd gonzo

# Create fetchmail configuration file
# (quoted delimiter so the shell does not expand anything inside passwords)
cat >/home/gonzo/.fetchmailrc <<'__EOF__'
# Log to syslog
set syslog

defaults
# Use POP3 with 45s timeout
protocol POP3
timeout 45
# Fetch everything from remote mailbox and then delete them
fetchall
no keep
# Make sure you send emails to your EXTERNAL mx, not INTERNAL.
# It's important that this host does NOT treat traffic from this host as Intranet client.
# Also disable graylisting, blacklisting etc. while still keeping antispam and antivirus checks enabled.
smtphost mx1.newcompany.com mx2.newcompany.com
# If MX rejected email with 550 error it's spam and should be deleted on our end rather than retried
antispam 550
# Don't mangle email headers
no rewrite

poll mail.oldcompany.com
username "sales@oldcompany.com" password "g0g0g1rl5" smtpname "sales@newcompany.com"
username "first.last@oldcompany.com" password "nameofmydog" smtpname "first.last@newcompany.com"

poll pop3.someisp.net
username "bosslady@otherfirm.biz" password "5318008" smtpname "bosslady@newcompany.com"
__EOF__

# The file holds passwords: fetchmail refuses to run unless it is owned
# by the user running it and closed to group and others
chown gonzo /home/gonzo/.fetchmailrc
chmod 600 /home/gonzo/.fetchmailrc

# Create script for running fetchmail
cat >/home/gonzo/fetch.sh <<'__EOF__'
#!/bin/sh
. /etc/profile
HOME=/home/gonzo
export HOME
/usr/bin/fetchmail
__EOF__

# Make it executable
chmod a+x /home/gonzo/fetch.sh

# Schedule fetching of emails every 10 minutes
echo '3,13,23,33,43,53 * * * * gonzo /bin/sh /home/gonzo/fetch.sh >/dev/null 2>/dev/null' >>/etc/crontab
service crond restart
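The .fetchmailrc above keeps every mailbox password in plain text and never sets fetchmail's ssl option, so an encrypted POP3 session is not required for any of the accounts. The script below is an added example, not part of the original post: it flags a fetchmailrc that group or others can access and lists each user entry without ssl. The function name audit_fetchmailrc and the PERMS/NOSSL labels are made up for this example, and it assumes quoted values contain no whitespace and comments occupy whole lines.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes quoted values hold no
# whitespace and comments occupy whole lines.

# Prints one finding per line; returns 1 if there were any, else 0.
audit_fetchmailrc() {
    rc=$1
    [ -r "$rc" ] || { echo "UNREADABLE $rc"; return 1; }
    findings=$(
        # Characters 5-10 of the ls mode string are the group/other bits.
        perms=$(ls -ld "$rc" | cut -c5-10)
        [ "$perms" = "------" ] || echo "PERMS group/other access: $perms"
        # ssl is a per-user option; a defaults stanza can set it for all.
        awk '
            function report() {
                if (user != "" && !indef && !ssl && !defssl)
                    print "NOSSL " server " " user
                user = ""; ssl = 0
            }
            /^[ \t]*#/ { next }
            {
                for (i = 1; i <= NF; i++) {
                    t = $i
                    if (t == "defaults") { report(); indef = 1 }
                    else if (t == "poll" || t == "server" || t == "skip") {
                        report(); indef = 0; server = $(++i)
                    } else if (t == "user" || t == "username") {
                        report(); user = $(++i); gsub(/"/, "", user)
                    } else if (t == "pass" || t == "password") i++
                    else if (t == "ssl") { if (indef) defssl = 1; else ssl = 1 }
                }
            }
            END { report() }
        ' "$rc"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample in the shape of the post's config (placeholder password).
demo=$(mktemp)
cat >"$demo" <<'EOF'
poll mail.oldcompany.com protocol POP3
  username "sales@oldcompany.com" password "PLACEHOLDER"
EOF
chmod 644 "$demo"
audit_fetchmailrc "$demo" || true
rm -f "$demo"
```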