Deployment Strategies


Once Alligate is installed, you need to send SMTP traffic to it. There are a few different ways to do this, and this section discusses the primary methods you can employ. It is important to consider that Alligate has been designed not only to significantly reduce spam, but also to isolate your mail server from the onslaught of malicious traffic directed at it 24 hours a day. Mail servers are designed to be inherently friendly. Alligate is just the opposite. It was designed to treat every connection with suspicion, stand up to the abuse directed at it, and even dish out a little of its own.

 

For the purposes of this discussion, we'll assume that you have installed Alligate on a dedicated server.

 

Changing MX Records - This is of course the obvious first choice for many administrators. It is a good choice when you have a small number of domains that you handle mail for. Many administrators will add the IP address of their Alligate server as the primary MX address for the domains they receive mail for. Many also leave their original mail server in the MX list as a lower priority mail server.

 

Leaving your mail server in the MX list will provide some redundancy in the event of a failure of the primary MX record. However, it also leaves the door open to spammers who routinely bypass the primary server and use a secondary MX record to attempt to deliver their messages. In fact, this is quite common, and we do not recommend doing this.

 

There are downsides to changing MX records. First, it can be cumbersome, especially if you do not run your own DNS server as an authoritative server for the domains you manage. Secondly, it can take 24 hours or longer for MX record changes to propagate across the Internet, and if you need to make any changes, or make a mistake, it could conceivably take several days for everything to settle down.

 

If you do decide to change your MX records, you must give the Alligate server the highest priority and preferably make it the only address listed.
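The check below is an added example, not part of the Alligate documentation: it parses MX answers in the format printed by `dig MX <domain>` and flags any domain where a host other than the gateway is listed, or where the gateway does not have the highest priority (the lowest preference number). The gateway hostname and all sample records are constructed assumptions.

```python
# Added example: audit MX answers for hosts that bypass the filtering gateway.
# The hostname and every record below are constructed for illustration.
import re

GATEWAY = "alligate.example.com"  # assumed hostname of the Alligate server

# Constructed sample in the answer-section format printed by `dig MX <domain>`.
SAMPLE_ANSWERS = """\
example.com.      3600 IN MX 10 alligate.example.com.
example.com.      3600 IN MX 20 mail.example.com.
example.org.      3600 IN MX 10 alligate.example.com.
example.net.      3600 IN MX 5  mail.example.net.
example.net.      3600 IN MX 10 alligate.example.com.
"""

MX_LINE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?MX\s+(\d+)\s+(\S+)\s*$", re.I)

def parse_mx(text):
    """Return {domain: [(preference, host), ...]} sorted by preference."""
    records = {}
    for line in text.splitlines():
        m = MX_LINE.match(line.split(";", 1)[0].strip())  # drop dig comments
        if not m:
            continue
        domain, pref, host = m.group(1), int(m.group(2)), m.group(3)
        records.setdefault(domain.rstrip(".").lower(), []).append(
            (pref, host.rstrip(".").lower()))
    return {d: sorted(r) for d, r in records.items()}

def audit(records, gateway=GATEWAY):
    """Return {domain: [findings]}; an empty list means only the gateway is listed."""
    report = {}
    for domain, mx in records.items():
        findings = []
        gw = [p for p, h in mx if h == gateway]
        others = [(p, h) for p, h in mx if h != gateway]  # already sorted
        if not gw:
            findings.append("gateway not listed")
        elif others and others[0][0] <= min(gw):
            findings.append("gateway is not the highest-priority MX")
        # Every non-gateway MX is a route that skips filtering entirely.
        findings += [f"bypass path: MX {p} {h}" for p, h in others]
        report[domain] = findings
    return report

if __name__ == "__main__":
    for domain, findings in audit(parse_mx(SAMPLE_ANSWERS)).items():
        print(domain, "OK" if not findings else "; ".join(findings))
```

Running it against the answers collected for each domain you host, after the records have propagated, confirms that no lower-priority MX still points at the original mail server.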

 

Redirecting SMTP Traffic - If you have the capability of redirecting traffic by protocol at your router or firewall, this is by far the best choice. No DNS changes are necessary, and it is a fast and easy task no matter how many domains you receive mail for. The effects are instantaneous and are easy to undo or change if this is ever necessary.

 

Depending on your router/firewall firmware, you will need to define a routing rule for SMTP or port 25 traffic. All you need to do is tell the router/firewall to send all SMTP or port 25 traffic to the Alligate server's IP address. Alligate will handle the rest.

 

Notes: When first deploying Alligate, keep in mind that users who send outgoing mail through your current mail server will now be sending it through Alligate, which in turn will authenticate and relay the outgoing mail using your mail server. We strongly advise that you use Alligate's built-in Enable Secondary AUTH ONLY SMTP Server on Port option for outgoing mail.

 

If your users are currently connecting on SMTP port 25 to send outgoing email, Alligate will not initially know that these are friendly users. This can create a problem because Alligate is looking for suspicious connections. The main problem is that when a user sending mail issues the HELO command, it will generally fail the HELO test Alligate uses to try to determine if the message is properly formatted. Any mail coming in on the primary SMTP port (port 25) is subject to this test. Mail coming in on the secondary SMTP port (usually 587) is not tested.

 

It is probably good policy to get your users to move over to the secondary SMTP port for sending mail. Until this can be done, there are a couple of recommendations we can make that will ensure that your users' outgoing messages are not blocked.

 

In the Message Scanning section on the Envelope Scan Options tab, you should check the following settings:

 

If HELO command fails the HELO test add xx points

 

If HELO command is not an FQDN add xx points

 

These values should be set to low numbers, probably less than 10. This will reduce Alligate's effectiveness somewhat, so this is a good reason to consider moving your users over to the secondary AUTH ONLY port for outgoing email. After this is done, these values can be increased again to ensure that Alligate is operating at peak effectiveness.