With Internet addressing enabled, MTAs can now connect directly to other GroupWise systems. This type of connectivity, often called GWMTP for GroupWise message transfer protocol, allows native message format and encryption to be maintained. Retaining the GroupWise message format between GroupWise systems is not a new concept. The same functionality is available without GWMTP, but it requires a pass-through GWIA or Async gateway. To get the same functionality with these gateways, an external domain and post office would have to be configured and maintained for every other system to which your users will send email. The maintenance of these external user entries and external domains could require a lot of an administrator's time. The big advantage of GWMTP is that the setup has to be done only once. After it has been enabled, ongoing maintenance should be minimal. The three basic requirements to enable GWMTP are the following:
This chapter has already discussed enabling Internet addressing. This next section moves directly to a walkthrough of configuring the MTA.

Allowing MTAs to Send Directly to Other GroupWise Systems

The first thing you need to do is allow MTAs to send directly to other GroupWise systems. Following are the steps to enable an MTA in your GroupWise system to communicate on the Internet with other GroupWise MTAs:
You have told the entire GroupWise system that if users send a message to an Internet domain that is not in your GroupWise system, the message should first be sent to the default routing domain. If the MTA for the default routing domain determines that the destination domain does not support GroupWise MTP communication over the Internet, it should route the message to the GWIA.

Allowing MTAs to Browse DNS

Now every MTA in your system is going to attempt to look up other GroupWise systems via DNS. This means that every MTA must be able to see a valid domain name server. Typically, DNS requests are transmitted on port 53, so you should make sure that this port is not being filtered by your firewall. Most organizations won't have a problem with this, assuming that they allow end users to browse the Web. Web browsing also requires DNS requests, so port 53 is probably already open.

Allowing MTAs to Connect on High-Numbered Ports

You might, however, have a problem with high-numbered ports. When the MTA finds another system's MTA on the Internet (via DNS), it will try to open a connection there, and its source port will be a high-numbered port. For security reasons, many administrators do not want to have all MTAs exposed to high-numbered ports on the Internet. If you have this same concern, read about default routing domains and overrides in the next section.

Default Routing Domains and Overrides

The best way to avoid exposing all the MTAs in your system is to tell the GroupWise system to send all mail not destined to a known IDOMAIN to a default route. This would basically be all Internet mail. You rarely will want to force all messages (even messages going to a known IDOMAIN) to the default route. A single system-wide default routing domain is usually advisable only for GroupWise systems that have a low volume of outbound Internet email, however.
On large, high-volume systems (more than 50,000 Internet messages per day), the burden on a single MTA can be too great, because all Internet-bound email passes through this MTA. Each outbound message requires a DNS lookup to determine whether it is bound for another GroupWise system. The solution is to use overrides, as detailed here:
To summarize how default routing domains work, there are basically three options you can set at the system level in this area:
You can use the override options on any of these settings to give a particular domain a value that differs from what you set under System Preferences, System Operations, Routing Options. There are basically two ways we recommend for setting up default routing domains so that you do not need to have all MTAs doing DNS lookups. If the majority of the domains should be performing DNS lookups, follow this approach:
If most of your domains should not perform DNS lookups, you take the reverse approach, as outlined in the next series of steps:
The MTA can now perform DNS lookups. If it cannot find the DNS entry, it sends the message to the default routing domain.

Now a tip on how to determine what each MTA is really doing: The top of an MTA's log file contains the configuration information. Following is an example of the general settings at the beginning of the MTA log:

23:26:20 574 General Settings:
23:26:20 574 Domain Directory: d:\do3
23:26:20 574 Work Directory: d:\do3\mslocal
23:26:20 574 Preferred GWIA: Do1.GWIA7
23:26:20 574 Default Route: Do3
23:26:20 574 Known IDomains: *wwwidgets.com
23:26:20 574 Known IDomains: *taykratzer.com
23:26:20 574 Allow Direct Send to Other Systems: No
23:26:20 574 Force Route: No
23:26:20 574 Error Mail to Administrator: No
23:26:20 574 Display the active log window initially: Yes
23:26:20 574 NDS Authenticated: Yes [Public]
23:26:20 574 NDS User Synchronization: Yes
23:26:20 574 Admin Task Processing: Yes
23:26:20 574 Database Recovery: Yes
23:26:20 574 Simple Network Management Protocol (SNMP): Enabled (index 1)

What you are looking for are the Default Route, Known IDomains, Allow Direct Send to Other Systems, and Force Route values. These will tell you exactly how this particular MTA will act. Remember to think of this entire process from the perspective of the MTA when it receives a message in Internet addressing format. It will first determine whether the IDOMAIN is a known IDOMAIN. If it is, and the Force Route value is No, it will perform a lookup in its index to determine which GroupWise domain the user is in, because it should know about the user, and then look at its link configuration to determine how to route the message to the internal user. If the message is destined for a user in an unknown IDOMAIN, the MTA will once again check the Force Route value. If the value is set to No, the MTA checks to see whether it can perform a DNS lookup. If it can, it tries to do so.
If it finds a match, the MTA tries to connect to the destination MTA across the Internet. If no match is found, it checks the Default Route value, and if something is defined here, the MTA sends the message to this domain. If nothing is defined here, the MTA simply routes the message to the default GWIA.

Publish GWMTP Records to the Internet

Now your MTAs can route messages to other GroupWise systems on the Internet. This is half of the picture. The other half is allowing your MTAs to receive messages from other GroupWise systems. For this to happen, other systems must be able to find at least one of your MTAs using DNS.

GWMTP.TCP Record Information for the DNS Administrator

The following information will be useful to your DNS administrator when defining your GroupWise MTA as an entity on the Internet to which GroupWise messages can be transmitted. To resolve a foreign Internet domain name, a GWMTP-enabled MTA will perform a DNS lookup for an address record of a particular Internet domain name. If the address record is found, the MTA will look for either a service (SRV) or text (TXT) record for the GWMTP.TCP service. A full explanation of domain name server configuration is beyond the scope of this text. What this book will try to do is provide you with enough information that you can explain to your DNS administrator which records you need. Each GWMTP.TCP record will have several values associated with it:
Now your DNS has an entry for your MTA that allows other MTAs on the Internet to discover your MTA's capability to speak GWMTP. In most cases your system defaults will probably work all right, but in some cases you might like to use an override option to make sure that messages are routed to the most efficient route for this location. This type of override can be found in MTA objects. MTA overrides can be used to do the following:
A routing option override can be used to route undeliverable local mail through a different domain that might have GWMTP enabled. Additionally, if a routing domain is defined and an override is selected to force all messages to a default routing domain, the domain's MTA will force all mail that is not deliverable in its local domain to be routed through the default routing domain. The last routing option, which allows MTA to send directly to other GroupWise systems, is used to specify whether the domain MTA is allowed to communicate via GWMTP.

Tip

Here is the difference between a default routing domain and a default GWIA. The default routing domain is for Internet-bound email that can be sent via GWMTP. The default GWIA is for Internet-bound email that cannot be sent via GWMTP. For routing purposes, it would therefore make sense to have the default GWIA reside on the default routing domain.
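
The MTA log header and the routing walkthrough described earlier, as an added example (not code from the book or from GroupWise): it reads the four routing values from a General Settings block and applies the decision order the text gives. The function names, the `dns_has_gwmtp` flag standing in for the DNS lookup result, and the treatment of the leading `*` on Known IDomains are assumptions; the sample lines are copied from the log excerpt above.

```python
import re

# Sample input: routing-related lines from the log excerpt shown earlier.
SAMPLE_LOG = """\
23:26:20 574 General Settings:
23:26:20 574 Default Route: Do3
23:26:20 574 Known IDomains: *wwwidgets.com
23:26:20 574 Known IDomains: *taykratzer.com
23:26:20 574 Allow Direct Send to Other Systems: No
23:26:20 574 Force Route: No
"""

# "<time> <id> <setting name>: <value>"
LINE = re.compile(r"^\d\d:\d\d:\d\d\s+\w+\s+([^:]+):\s*(.*)$")

def parse_settings(log_text):
    """Collect the four routing values from an MTA log header."""
    cfg = {"default_route": None, "known_idomains": set(),
           "direct_send": False, "force_route": False}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Default Route":
            cfg["default_route"] = value or None
        elif key == "Known IDomains":
            # Assumption: the leading "*" is a display marker, not part of the name.
            cfg["known_idomains"].add(value.lstrip("*").lower())
        elif key == "Allow Direct Send to Other Systems":
            cfg["direct_send"] = value.lower() == "yes"
        elif key == "Force Route":
            cfg["force_route"] = value.lower() == "yes"
    return cfg

def route(cfg, recipient, dns_has_gwmtp=False):
    """Predict the next hop for one recipient, following the walkthrough.
    Simplification: delivery inside the MTA's own domain is not modelled."""
    idomain = recipient.rsplit("@", 1)[-1].lower()
    if cfg["force_route"] and cfg["default_route"]:
        return "default-route:" + cfg["default_route"]
    if idomain in cfg["known_idomains"]:
        return "internal"            # index lookup, then link configuration
    if cfg["direct_send"] and dns_has_gwmtp:
        return "gwmtp-direct"        # connect to the remote MTA
    if cfg["default_route"]:
        return "default-route:" + cfg["default_route"]
    return "default-gwia"
```

Running `parse_settings` over the log header of every domain's MTA gives a quick inventory of which MTAs have direct send enabled and therefore need DNS and outbound high-port access through the firewall.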