
Configuring NetMail, GroupWise and GWGuardian
NetMail Cool Solutions Article
by Michael Bruner

Posted: 3 Mar 2004


I am adding a NetMail Server to a school environment that has an existing GroupWise Server that services the school staff. In addition, there is a GWGuardian Server located in the DMZ that relays all outgoing and incoming mail to and from GroupWise. I want the new NetMail server to be able to send directly to GroupWise and GroupWise to be able to send directly to NetMail without having to be relayed through the GWGuardian box. The reason is the time lag created by the extra step of going through the relay and also the additional traffic. Below you will find a diagram of the current configuration.

Figure 1


Since NetMail already has virus scanning built in, I'm not worried about NetMail sending or receiving viruses. If someone were to send an email from GroupWise to NetMail that contained a virus, it would not be delivered. I'm also not concerned about spam from GroupWise to NetMail or vice versa. But I do want all email coming from the Internet to be scanned for both spam and viruses.

So, I want all email from the Internet funneled through GWGuardian, which in my experience does a fabulous job of both spam and antivirus scanning.

How I did it:

My real-world DNS server points my primary domain and all of my subdomains to GWGuardian's IP address. When mail comes in from the Internet, GWGuardian decides, based on the routes set up, whether to send the mail to GroupWise or to NetMail. NetMail sends Internet mail directly and is not relayed through GWGuardian. GroupWise sends all Internet mail through GWGuardian. But NetMail and GroupWise send directly to each other.

There are several steps to getting this to work. For GroupWise, this will only work with version 6.5 or, I assume, any future releases. GroupWise 6.5 allows you to set up a route.cfg file in the GWIA directory. See TID10010997 for more information on this. So, I set a static route there for GroupWise to send all mail for 2004.earj.com.br, 2005.earj.com.br, and so on to which is the NetMail box. After unloading and reloading GWIA, GroupWise will now send directly to NetMail even though it is set to send all outbound mail through the relay.

Next, we need to make NetMail send directly to GroupWise. In order to do this, you will need to set up a separate DNS server inside your firewall. This could be a Linux box, one of your Novell boxes, or a Windows server. You need to set up a fake MX record for your GroupWise server. It will be the same entry as on your primary DNS server, except that instead of the IP address being that of GWGuardian, it will now be the internal IP address of GroupWise.

After you have your fake DNS working, type inetcfg at the terminal prompt on your NetMail server. Scroll down and select Protocols. Then select TCP/IP. Next, scroll down and select DNS Resolver Configuration. Make sure the Domain Name shows your primary domain name. In the name server 1 box, enter your fake DNS server's IP address. In the name server 2 box, enter your primary DNS server's IP address. If you want, you can enter another backup DNS server's IP address in the last box. Press Escape, then exit out of inetcfg. At this point you will need to reboot your NetMail server.

(Editor's Note: NetMail will use the DNS resolvers that are configured in NDS. Specifically on the Messaging Server Object)

After NetMail reboots, open NWAdmin from the NetMail server. Edit the SMTP object under your NetMail server context, which should be located in the Internet services container. Make sure you have your primary domain listed under Global Domains. In my case I also needed to make sure that all of my subdomains were listed.

Figure 2

The Options tab should be set up as shown in the screen capture below, with nothing in the Mail Relay Host [Forwarder] box.

Figure 3

On the UBE Relaying tab of the SMTP object, make sure you have the option "Only allow remote sending for authenticated senders" checked. Without this you are open to unauthorized mail relay and will almost certainly be put on a blacklist.

Figure 4
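
The following check is an added example, not part of the original article or of NetMail: run from a host outside your network once NetMail has been reloaded, it confirms that the SMTP agent refuses relay for an unauthenticated sender. The probe addresses and HELO name are constructed placeholders, and the dialogue stops before DATA, so no message is ever sent.

```python
"""Check that an SMTP server refuses unauthenticated relay (added example)."""
import smtplib
import sys

# Constructed placeholders on reserved example domains (RFC 2606). Neither
# address may belong to a domain the server under test accepts mail for.
PROBE_FROM = "relay-probe@example.org"
PROBE_TO = "relay-probe@example.net"
HELO_NAME = "relay-check.example.com"


def relay_verdict(code):
    """Classify the server's reply code to the foreign-recipient offer."""
    if 200 <= code < 300:
        return "OPEN"      # accepted: the server relays for strangers
    if 400 <= code < 500:
        return "DEFERRED"  # temporary refusal; test again later
    return "REFUSED"       # permanent refusal, the result you want


def probe(session):
    """Offer a foreign-to-foreign envelope on a connected session.

    The dialogue is abandoned with RSET before DATA, so no mail is sent.
    """
    session.ehlo_or_helo_if_needed()
    code, reply = session.mail(PROBE_FROM)
    if code < 400:  # sender accepted, so offer the foreign recipient
        code, reply = session.rcpt(PROBE_TO)
    try:
        session.rset()
    except smtplib.SMTPServerDisconnected:
        pass  # some servers hang up after refusing; the verdict stands
    return relay_verdict(code), code, reply.decode(errors="replace")


def check_relay(host, port=25, timeout=10):
    """Connect without authenticating and run the probe."""
    with smtplib.SMTP(host, port, local_hostname=HELO_NAME,
                      timeout=timeout) as session:
        return probe(session)


if __name__ == "__main__":
    verdict, code, reply = check_relay(sys.argv[1])
    print(f"{sys.argv[1]}: {verdict} ({code} {reply})")
    sys.exit(0 if verdict == "REFUSED" else 1)
```

Pass the public address of the NetMail server as the only argument; an exit status of 0 means the relay attempt was refused.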

Now, simply reload NetMail using the IMS command.

Assuming that you have the internal address of NetMail NATed correctly and you have your routes set up correctly at your mail relay, this scenario should now work perfectly for you.

I hope this information is helpful to you, as I spent numerous hours figuring out how to implement this correctly.