Enabling MTA-Direct Connectivity (GWMTP)


With Internet addressing enabled, MTAs can now connect directly to other GroupWise systems. This type of connectivity, often called GWMTP for GroupWise message transfer protocol, allows native message format and encryption to be maintained.

Retaining the GroupWise message format between GroupWise systems is not a new concept. The same functionality is available without GWMTP, but it requires a pass-through GWIA or Async gateway. To get the same functionality with these gateways, an external domain and post office would have to be configured and maintained for every other system to which your users will send email. The maintenance of these external user entries and external domains could require a lot of an administrator's time.

The big advantage of GWMTP is that the setup has to be done only once. After it has been enabled, ongoing maintenance should be minimal. The three basic requirements to enable GWMTP are the following:

  • Both systems must enable Internet addressing.

  • Both systems must configure MTAs to use GWMTP.

  • Both systems must publish GWMTP records to the Internet via the Domain Name System (DNS).

This chapter has already discussed enabling Internet addressing. This next section moves directly to a walkthrough of configuring the MTA.

Allowing MTAs to Send Directly to Other GroupWise Systems

The first thing you need to do is allow MTAs to send directly to other GroupWise systems.

Following are the steps to enable an MTA in your GroupWise system to communicate on the Internet with other GroupWise MTAs:

  1. Choose Tools, System Operations, System Preferences, Routing Options to get the window shown in Figure 34.2.

    Figure 34.2. The System Preferences Routing Options window is used to define which MTA will receive messages that should be sent on the Internet

  2. Make sure that a default routing domain is specified.

    This is the domain that will be able to talk directly to other MTAs over the Internet. You do not want to check the option to force all messages to this domain. Doing so can potentially slow down messaging throughout your entire system.

  3. Check the box labeled MTAs Send Directly to Other GroupWise Systems.

  4. Close the Preferences window.

You have told the entire GroupWise system that if users send a message to an Internet domain that is not in your GroupWise system, the message should first be sent to the default routing domain. If the MTA for the default routing domain determines that the destination domain does not support GroupWise MTP communication over the Internet, it should route the message to the GWIA.

Allowing MTAs to Browse DNS

Now every MTA in your system is going to attempt to look up other GroupWise systems via DNS. This means that every MTA must be able to see a valid domain name server. Typically, DNS requests are transmitted on port 53, so you should make sure that this port is not being filtered by your firewall. Most organizations won't have a problem with this, assuming that they allow end users to browse the Web. Web browsing also requires DNS requests, so port 53 is probably already open.

Allowing MTAs to Connect on High-Numbered Ports

You might, however, have a problem with high-numbered ports. When the MTA finds another system's MTA on the Internet (via DNS), it will try to open a connection there, and its source port will be a high-numbered port.

For security reasons, many administrators do not want to have all MTAs exposed to high-numbered ports on the Internet. If you have this same concern, read about default routing domains and overrides in the next section.

Default Routing Domains and Overrides

The best way to avoid exposing all the MTAs in your system is to tell the GroupWise system to send all mail not destined to a known IDOMAIN to a default route. This would basically be all Internet mail. You rarely will want to force all messages (even messages going to a known IDOMAIN) to the default route. A single system-wide default routing domain is usually advisable only for GroupWise systems that have a low volume of outbound Internet email, however. On large, high-volume systems (more than 50,000 Internet messages per day), the burden on a single MTA can be too great, because all Internet-bound email passes through this MTA. Each outbound message requires a DNS lookup to determine whether it is bound for another GroupWise system.

The solution is to use overrides, as detailed here:

  1. Choose Tools, GroupWise System Operations, System Preferences, Routing Options.

  2. Check the box labeled Force All Messages to Default Routing Domain.

  3. Close the window.

  4. Determine a domain or domains in your system that will be used for routing. These domains will be used as an override default routing domain. In most cases, you will make this decision based on your WAN topology. For instance, all domains in one country should use a routing domain in that country.

  5. Determine a domain or domains that will use the override routing domain instead of the system default specified in system preferences.

  6. Perform steps 7 through 11 for each domain whose routing you want to override.

  7. For domains that will use a default routing domain, browse to the domain's MTA object, right-click it, and select Properties.

  8. Click the Routing Options tab shown in Figure 34.3.

    Figure 34.3. The MTA Routing Options tab enables you to override the default routing domain


  9. Click the topmost check box in the Override column.

    This will override the default routing domain specified at the system level.

  10. In the field labeled Default Routing Domain, browse to the domain you have chosen as an override routing domain. The MTA for the domain you route through should have the ability to send to other systems as explained earlier.

  11. Click OK to close the window and save your changes.

To summarize how default routing domains work, there are basically three options you can set at the system level in this area:

  • Allow MTAs to Send Directly to Other GroupWise Systems: This option enables all MTAs system-wide to be able to perform DNS lookups. So if a user sends mail to user@unknownIdomain.com, the MTA will try to perform a DNS lookup on it. If it can, and it finds the appropriate DNS entries for unknownIdomain.com, it sends the message directly over the Internet to this other MTA. If for any reason it cannot perform a DNS lookup or cannot find any DNS entries for unknownIdomain.com, it simply hands the message off to the domain that owns the default GWIA (unless there are any overrides anywhere, and then it obeys the override).

  • Default Routing Domain: With this option, if the MTA gets a message to a known IDOMAIN, it resolves the domain (doesn't have to perform a DNS lookup) to the GroupWise domain that the user is in, reads the link configuration to see how to talk to this GroupWise domain, and sends the message to it. If it gets a message to user@unknownIdomain.com, it once again tries to perform a DNS lookup. If it fails or cannot do this, it sends the message off to the default routing domain. It does not send all mail to this domain, only Internet mail that is destined for unknown IDOMAINs. The default routing domain gets the message and then tries to resolve it via DNS; if this fails, it goes ahead and sends it to the default GWIA.

  • Force All Messages to Default Routing Domain: Finally, with this option, when an MTA gets any message, whether or not it is destined for a known IDOMAIN, it simply shoves it over to the forced default routing domain.

You can use the override options on any of these settings. An override lets a particular domain use a value that differs from what you set under System Preferences, System Operations, Routing Options.

There are basically two ways we recommend for setting up default routing domains so that you do not need to have all MTAs doing DNS lookups. If the majority of the domains should be performing DNS lookups, follow this approach:

  1. From System Operations, System Preferences, click the check box that allows MTAs to send directly to other GroupWise systems.

  2. Next, define a default routing domain that all Internet mail will go to if a DNS lookup fails or if the MTA gets mail that is destined for unknown IDOMAINs.

    Do not check the option to force all messages through the default routing domain.

  3. Go to the properties page of the MTA objects in the domains in which you do not want to perform DNS lookups and select Routing Options from the drop-down list.

  4. From here, click the last check box in the Override column (Allow MTA to Send Directly to Other GroupWise Systems), and then uncheck the option to perform this operation that this MTA inherited from the system level.

    Voila! This MTA is not allowed to perform DNS lookups. This works great if most of your MTAs will perform DNS lookups because you only have to do the override on the MTAs that you do not want to perform the DNS lookups.

If most of your domains should not perform DNS lookups, you take the reverse approach, as outlined in the next series of steps:

  1. From System Operations, System Preferences, do not check the box to allow MTAs to send directly to other GroupWise systems.

  2. Define a default routing domain that all Internet mail will go to if a DNS lookup fails, or if the MTA is not allowed to perform DNS lookups and it gets mail destined for unknown IDOMAINs.

    Once again, do not check the option to force all messages through the default routing domain.

  3. Go to the properties page of the MTA objects in the domains in which you do want to perform DNS lookups.

    (Obviously, you need to make sure that you do this on the default routing domain defined in step 2.)

  4. Select Routing Options from the drop-down list. Click the last check box in the Override column (Allow MTA to Send Directly to Other GroupWise Systems), and then check the option next to it to actually turn this feature on.

    The MTA can now perform DNS lookups. If it cannot find the DNS entry, it sends the message to the default routing domain.

Now a tip on how to determine what each MTA is really doing: The top of an MTA's log file contains the configuration information. Following is an example of the general settings at the beginning of the MTA log:

23:26:20 574  General Settings:
23:26:20 574  Domain Directory:             d:\do3
23:26:20 574  Work Directory:              d:\do3\mslocal
23:26:20 574  Preferred GWIA:              Do1.GWIA7
23:26:20 574  Default Route:               Do3
23:26:20 574  Known IDomains:              *wwwidgets.com
23:26:20 574  Known IDomains:              *taykratzer.com
23:26:20 574  Allow Direct Send to Other Systems:    No
23:26:20 574  Force Route:                No
23:26:20 574  Error Mail to Administrator:       No
23:26:20 574  Display the active log window initially: Yes
23:26:20 574  NDS Authenticated:             Yes [Public]
23:26:20 574  NDS User Synchronization:         Yes
23:26:20 574  Admin Task Processing:           Yes
23:26:20 574  Database Recovery:             Yes
23:26:20 574  Simple Network Management Protocol (SNMP): Enabled (index 1)

What you are looking for are the Default Route, Known IDomains, Allow Direct Send to Other Systems, and Force Route values. These will tell you exactly how this particular MTA will act.

Remember to think of this entire process from the perspective of the MTA when it receives a message in Internet addressing format. It will first determine whether the IDOMAIN is a known IDOMAIN. If it is, and the Force Route value is No, it will perform a lookup in its index to determine which GroupWise domain the user is in, because it should know about the user, and then look at its link configuration to determine how to route the message to the internal user.

If the message is destined for a user in an unknown IDOMAIN, the MTA will once again check the Force Route value. If the value is set to No, the MTA checks to see whether it can perform a DNS lookup. If it can, it tries to do so. If it finds a match, the MTA tries to connect to the destination MTA across the Internet. If no match is found, it checks the Default Route value, and if something is defined here, the MTA sends the message to this domain. If nothing is defined here, the MTA simply routes the message to the default GWIA.
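The decision order described above, written out as an added example (not code from the book or from GroupWise): it parses the routing lines of the General Settings block and predicts where one MTA hands a message, which makes it easy to audit which MTAs would open outbound Internet connections. The `local_domain` and `gwmtp_record_found` parameters, the stripping of the leading `*` from Known IDomains, and the use of Preferred GWIA as the fallback gateway are assumptions.

```python
import re

# Constructed sample: the routing-related lines of the MTA log shown above.
SAMPLE_LOG = """
23:26:20 574  General Settings:
23:26:20 574  Preferred GWIA:              Do1.GWIA7
23:26:20 574  Default Route:               Do3
23:26:20 574  Known IDomains:              *wwwidgets.com
23:26:20 574  Known IDomains:              *taykratzer.com
23:26:20 574  Allow Direct Send to Other Systems:    No
23:26:20 574  Force Route:                No
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d \d+\s+(.+?):\s+(\S.*)$")

def parse_settings(log_text):
    """Collect the routing settings from the General Settings block."""
    s = {"idomains": set(), "default_route": None, "gwia": None,
         "direct_send": False, "force_route": False}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # headings such as "General Settings:" carry no value
        key, val = m.group(1), m.group(2).strip()
        if key == "Known IDomains":
            s["idomains"].add(val.lstrip("*").lower())  # assumption: '*' is a marker
        elif key == "Default Route":
            s["default_route"] = val
        elif key == "Preferred GWIA":
            s["gwia"] = val
        elif key == "Allow Direct Send to Other Systems":
            s["direct_send"] = val.lower().startswith("yes")
        elif key == "Force Route":
            s["force_route"] = val.lower().startswith("yes")
    return s

def route(s, rcpt_idomain, local_domain, gwmtp_record_found=False):
    """Return where this MTA hands the message, per the decision order above."""
    # An MTA that is itself the default routing domain cannot relay to itself.
    relay = s["default_route"] if s["default_route"] != local_domain else None
    if s["force_route"] and relay:
        return "default-route:" + relay
    if rcpt_idomain.lower() in s["idomains"]:
        return "internal-link"
    if s["direct_send"] and gwmtp_record_found:
        return "gwmtp-direct"  # outbound Internet connection from this MTA
    if relay:
        return "default-route:" + relay
    return "gwia:" + str(s["gwia"])
```

Any MTA for which `route` can return `gwmtp-direct` is one that needs outbound DNS and high-port access through the firewall; with the sample settings, Do3 never does.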

Publish GWMTP Records to the Internet

Now your MTAs can route messages to other GroupWise systems on the Internet. This is half of the picture. The other half is allowing your MTAs to receive messages from other GroupWise systems. For this to happen, other systems must be able to find at least one of your MTAs using DNS.

GWMTP.TCP Record Information for the DNS Administrator

The following information will be useful to your DNS administrator when defining your GroupWise MTA as an entity that other systems can contact on the Internet to transmit GroupWise messages.

To resolve a foreign Internet domain name, a GWMTP-enabled MTA will perform a DNS lookup for an address record of a particular Internet domain name. If the address record is found, the MTA will look for either a service (SRV) or text (TXT) record for the GWMTP.TCP service.

A full explanation of domain name server configuration is beyond the scope of this text. What this book will try to do is provide you with enough information that you can explain to your DNS administrator which records you need.

Each GWMTP.TCP record will have several values associated with it:

  • Name: The service name must begin with GWMTP.TCP, for instance, GWMTP.TCP.NOVELL.COM.

  • Class: The record class can be SRV or TXT. Choose whichever of these is easiest for you to support using the DNS tools you have.

  • Priority: This can be any number, but for a single-MTA system, it should be 0. If you have more than one MTA, you can set one to be 0, and another to be 1. In this case, the MTA with a priority of 1 will be used only if the MTA with a 0 priority is not responding.

  • Weight: Weight can also be any number. This value is used for load balancing. If two MTAs have the same priority but different weights, the one with the lower weight is preferred. If that MTA is too busy, connections will be made to the MTA with the higher weight (and the same priority) next.

  • Time to live: Typically listed in seconds, this is the amount of time this record will be valid before being refreshed. If you need to make a change to an MTA's IP address or port, the time to live can be the minimum amount of time it will take your changes to propagate across the Internet DNS system.

  • IP address: This is the IP address of the MTA.

  • Port: This is the GWMTP port for this MTA, typically 7100. If you choose another port value here, you must also choose that value under the Network Address tab of the MTA object properties.

Now your DNS has an entry for your MTA that allows other MTAs on the Internet to discover your MTA's capability to speak GWMTP.

In most cases your system defaults will probably work all right, but in some cases you might like to use an override option to make sure that messages are routed to the most efficient route for this location. This type of override can be found in MTA objects. MTA overrides can be used to do the following:

  • Specify default routing domains on a domain-by-domain basis (rather than at the system level)

  • Force all mail to be routed to the routing domain

  • Specify MTA to allow GWMTP communication

A routing option override can be used to route undeliverable local mail through a different domain that might have GWMTP enabled. Additionally, if a routing domain is defined and an override is selected to force all messages to a default routing domain, the domain's MTA will force all mail that is not deliverable in its local domain to be routed through the default routing domain. The last routing option, which allows MTA to send directly to other GroupWise systems, is used to specify whether the domain MTA is allowed to communicate via GWMTP.

Tip

Here is the difference between a default routing domain and a default GWIA. The default routing domain is for Internet-bound email that can be sent via GWMTP. The default GWIA is for Internet-bound email that cannot be sent via GWMTP. For routing purposes, it would therefore make sense to have the default GWIA reside on the default routing domain.




NOVELL GroupWise 7 Administrator Solutions Guide
ISBN: 0672327880
EAN: 2147483647
Year: 2003
Pages: 320
Authors: Tay Kratzer
