• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2274
  • Last Modified:

GroupWise relay host - advanced user configuration

I have a client that is using GroupWise 6 as his email server.  One of the users, because she deal with securities trading, needs to send and recievie all her email through specific POP and SMTP servers (for content review, archival & reporting purposes).  Retreiving the mail from an external POP server is easy.  Is it possible to configure th GWIA to user a relay host from some users and not use it for the rest?  Anyone have any any brilliant ideas?  Thanks!
0
stvmtchl
Asked:
stvmtchl
  • 4
  • 3
1 Solution
 
PsiCopCommented:
Yes, GWIA will relay for any connection which presents valid authentication credentials (GroupWise mailbox ID and associated password) for an account authorized to send E-Mail to the Internet. Alternatively, you can enable relaying based on IP address.

Note that if you're using GWAVA or some similar tool to do the required Message Retention, it will NOT capture messages so relayed. You would need to employ a tool that used the 3rd-party directory in GWIA, not a tool that resides between the GWIA and the MTA.

What's all this POP/SMTP nonsense? Can she not use the GroupWise client?
0
 
stvmtchlAuthor Commented:
Hopefully this will clear it you question.  I'm talking specifically about the GWIA being able to use a specific outbound relay host for a specific users/group of users and not for the rest of the company's email.  All the special user's email has to flow through an email account outside of GroupWise server.  That account is hosted by/at the brokerage firm that the client uses.  The email account there doesn't provide any "forwarding" capability to get it to her normal GroupWise account so we have to go get it from the brokerage house's POP server.  That part is easy.  The hard part is sending just that user's email through the brokerage house's SMTP server and not the rest of the company's.  Does that clear it up?

If I can't do this on the GroupWise IA/MTA, then I will have to put in some type of SMTP proxy server that has the ability to perform rules based relaying or have the user dump their GroupWise client in favor of one that I can configure a specific outbound SMTP server on (i.e. Outlook, Outlook Express, etc.).
0
 
PsiCopCommented:
Ah. OK, that makes a little more sense.

GWIA can indeed use a relay host - but the selection of that for a given GWIA has the same effect the equivalent setting would have with any other SMTP MTA (for example, sendmail) - its global. *All* outbound E-Mail processed by that GWIA will be sent via that relay host. I'm not aware of any SMTP MTA that will selectively use a relay host based on sending User ID (altho I can imagine how it might be programmed into a sendmail environment, it strikes me as an ugly hack). I'm fairly certain there's no way to do it with GWIA.

So, what you need to do is establish a GroupWise Domain for people who have this requirement - your eventual configuration will be one where you handle outbound mail routing for special users (like this person) with a special GWIA instance. In GroupWise v6.x, the granularity of control of this particular thing is only down to the Domain level. You can't set this at the Post Office or User level (I'm not sure if control of this becomes more granular in GroupWise v7 - its due out in the next 60-150 days).

Remember that since this is GroupWise, you have no licensing charges for this idea - licensing is per-user-seat, and there are no per-CPU or per-server charges. You're free to deploy as many GWIAs (or MTAs, or POAs, or whatever) as you want to deliver the specific services you need. Your sole cost here is the hardware (assuming  you're not using something like VMWare). I'm assuming you're running on NetWare v6.x or Linux or Solaris and are similarly not encumbered by per-server/per-CPU licensing charges there.

In this new Domain, you'll establish a Post Office where users with this requirement will reside. Then, add the special GWIA - if this is a very small deal, then you can stick the special GWIA in the same GroupWise Domain; if there's gonna be a lot of people in this boat, it'd be better to create another Secondary Domain to house the special GWIA (or use the same Secondary Domain as the existing GWIA, assuming your existing system follows Best Practices and places the existing GWIA in its own Secondary Domain).

In the Properties of this new Domain (GroupWise tab, Internet Addressing panel), you can specify the GWIA that Users in the Domain must use for their outgoing E-Mail - this setting affects all Users in that Domain. Set that to the special GWIA, and then in the special GWIA's Properties (SMTP/MIME tab, Settings panel), put the brokerage house SMTP relay server's DNS name or IP address in the the Relay Host for Outbound Messages field. No changes are needed for the existing GWIA. Since the special GWIA should (it appears) only be used for *out*bound E-Mail, and then only for the specific Users with this requirement, you can even go into the special GWIA's Access Control (Properties, Access Control tab, Settings panel) and define a Class of Service for these Users that only allows them to *send* E-Mail via that GWIA. This makes sure they can only *receive* E-mail using the existing GWIA, meaning you don't have to replicate any of your anti-virus/anti-SPAM solutions to the special GWIA. Important: the brokerage house relay server is going to have to be configured to *only* send E-mail for your Domain(s) to the existing GWIA, even NDRs - it must be told to ignore the fact that a given E-Mail arrived from the special GWIA, and send *all* E-Mail for *all* Users in your GroupWise system to the existing GWIA. It may do this normally, just check.

Finally, move the affected Users from their present Post Office to the new Post Office in this new Domain. Their Internet E-Mail address will not change, and all their *in*bound E-Mail will continue to arrive at the original GWIA and be routed to their existing mailbox in the new Post Office (assuming that the brokerage house doesn't futz with the SMTP envelope headers too much, or re-write things like Reply-To). The QuickFinder Index rebuild processes that are automated in GroupWise v6 should correct all the Address Books - its possible that some GroupWise Users may have to delete people moved to this new Post Office from any their Personal Address Books and then re-add them, or from Frequent Contacts books and then let the client re-add the moved people. I can't remember how granular the Address Book rebuild processes are in GroupWise v6.0. They are pretty good about this sort of thing in v6.5.

After the move is completed, performing a Synchronization on all the Post Offices and Domains would be a good idea, just to propogate the changes as rapidly as possible. Remote Users or Users who operate in Caching Mode may need to clear entries for the people moved to the new Post Office from their Frequent Contacts, as the Post Office-based automated processes can't update those Address Books (and if the Remote Users don't include the System Address Book in their Send/Receive requests, they also won't get the System Address Book updates they'll need to successfully send to the moved Users).

So, it can be done, and there's no reason to deploy a virus-magnet like LookOut!. I won't claim its the prettiest arrangement, and I hope GroupWise v7 will extend the configuration granularity for this sort of thing a bit further down, at least to the Post Office level (eliminating the need for a separate Domain). If you can wait for the Public Beta (should be soon) then you can look and see (watch this page --> http://www.novell.com/beta/index.jsp). But what I've proposed here will get the job done in your current environment.
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
stvmtchlAuthor Commented:
Thanks!  That makes a lot of sense.  One question that I have:  Can you deploy multiple GWIA's on one NetWare server or am I going to need to deploy another another "server" to do this?
0
 
PsiCopCommented:
No, you can't really deploy multiple GWIAs on one NetWare server. The issue is that while you can, in the GWIA Properties, tell a given GWIA what TCP/IP address to use when *sending* E-mail (on the SMTP/MIME tab, Settings panel, check the Bind to TCP/IP address at Connection Time box; and on the GroupWise tab, Network Address panel, specify the TCP/IP address), GWIA will *listen* on TCP Port 25 on *all* the server's IP addresses (the ones that exist when GWIA is loaded). So the first GWIA to load is going to grab that port on all IPs bound to the server, and the second GWIA to load is going to regard that as not acceptable and refuse to load.

You could Redmond Goldberg something together - for example, not bind the second IP address until after the first GWIA was loaded. You might be able to get the second GWIA to live with that (the first GWIA won't have bound to the second IP address since the second IP address didn't exist when it was loaded). I dunno, I've never tried that, because I think that's a very M$ (i.e. half-arsed) way of doing things.

Remember, GWIA can run on a buncha different platforms - 2 Linuxes, Solaris, even Windoze. Doesn't *have* to be NetWare. Ever used VMWare? You can run two virtual servers, each ignorant of the other, on the same hardware. And if the special GWIA is only for a few people, it doesn't need killer hardware - a single 400 MHz Pentium with 256 MB of RAM would be plenty. Remember, in a pinch (like the special GWIA's hardware dying), you can always redirect these few users out thru the "regular" GWIA.

You *can* run the GroupWise MTA and POA for the special Domain and Post Office on the same server as the existing Domain and Post Office. Its kinda messy, because you chew up a lotta RAM. And you need to be using NetWare v6.x (preferably NetWare v6.5) for the necessary memory management. And your MTP ports will deviate from the standard ones that the Agents like to use. But you can do it, especially if you assign a second IP address for the special Domain's agents to use.
0
 
stvmtchlAuthor Commented:
Thanks for the great information.  We'll propose the options and see where they want to go.
0
 
PsiCopCommented:
FYI, EE has added a GroupWise TA --> http://www.experts-exchange.com/Applications/Groupwise/
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now