cancel
Showing results for 
Search instead for 
Did you mean: 

Ironport & plans for the Email Platform 2008/2009

Community Gaffer
Community Gaffer
Posts: 12,801
Thanks: 634
Fixes: 62
Registered: 04-04-2007

Ironport & plans for the Email Platform 2008/2009

This post is intended to be read in conjunction with the blog post published here and contains some of the finer technical details concerning Plusnet's plans for their email platform over the following few months.
Be warned it goes into quite a lot of detail, so if you're looking for a top level overview of what's planned then you should read the blog post linked above if you haven't done so already.
Spam filtering and IronPort
Apart from messages that are blocked as 100% spam, all other email is currently scored and passed on by our mail platform. For the ease of implementation all spam filtering is (currently) defined in Postini under a catch all user on each domain. This creates problems where email to invalid mailboxes still drops through, consuming resources on the platform.

The planned approach with the introduction of IronPort is to take out Postini, and drop in IronPort. Postini is an on-net solution and is built around making SOAP calls to a database. Ironport on the other hand is an actual network appliance where each mailbox (as opposed to domain) is defined using LDAP schemas. An additional service will be layered on top of the existing mail databases where per mailbox filter data will be held.
Due to the per mailbox structure, email destined to invalid mailboxes will be terminated before our mail platform therefore freeing up resources.

The hardware for the new solution comprises of:
LDAP servers
4 x Ironport X1060's (2 per site)
2 x Ironport M Series (1 per site)
Spam scoring is based on Ironport's 'reputation based filter' and will be set to a conservative level. Messages with scores between -10 and -7 will be blocked, -7 to -2 will be throttled, -2 to +7 will be scanned for spams, and greater than +7 will be allowed, and assumed clean. These settings will allow us to continue offering the controls that are available in the Manage My Mail tool. A separate thread has been set up here for discussions surrounding spam scoring.
The spam score appears in the headers of a message as follows:

X-SBRS: -1.6
X-IronPort-AV: E=McAfee;i="5200,2160,5386"; a="163332"
X-IronPort-AV: E=Sophos;i="4.32,422,1217804400";
Return-path: <me@privacy.net>
Envelope-to: me@privacy.net
Delivery-date: Thu, 18 Sep 2008 18:26:49 +0100
Received: from [84.92.7.60] (helo=pih-ironport01.plus.net)
    by pih-sunmxcore19.plus.net with esmtp (PlusNet MXCore v2.00) id 1KgNHE-0000VV-SA
    for me@privacy.net; Thu, 18 Sep 2008 18:26:48 +0100
Authentication-Results: pih-ironport01.plus.net; dkim=neutral (message not signed) header.i=none
Received-SPF: None identity=pra; client-ip=193.92.70.157;
  receiver=pih-ironport01.plus.net;
  envelope-from="me@privacy.net";
  x-sender="me@privacy.net";
  x-conformance=sidf_compatible
Received-SPF: None identity=mailfrom; client-ip=193.92.70.157;
  receiver=pih-ironport01.plus.net;
  envelope-from="me@privacy.net";
  x-sender="me@privacy.net";
  x-conformance=sidf_compatible
Received-SPF: None identity=helo; client-ip=193.92.70.157;
  receiver=pih-ironport01.plus.net;
  envelope-from="me@privacy.net";
  x-sender="me@privacy.net";
  x-conformance=sidf_compatible
X-SBRS: -1.6
X-IronPort-AV: E=McAfee;i="5200,2160,5386"; a="163332"
X-IronPort-AV: E=Sophos;i="4.32,422,1217804400";
  d="scan'208,217";a="163332"
X-SPF: failed
Received: from pcsolutions.kor.forthnet.gr ([193.92.70.157])
  by pih-ironport01.plus.net with ESMTP; 18 Sep 2008 18:26:45 +0100
Date:  Thu, 18 Sep 2008 20:26:45 +0300

The following diagram shows the flow of messages through the spam and virus filters:

Once the production build and development of the platform is complete then we will need to migrate customers from Postini to Ironport. This will be a gradual process and will call on a script to migrate data from the current mail database to the LDAP servers:

Hardware Consolidation & outbound mail
This is simply a physical change to to the flow of email.
We'll be keeping the mail delivery servers we have but there will no longer be a differentiation between the mx.core and mx.last platform. The POP/IMAP functions of the current mail collection servers will be moved into a virtual environment on the same devices used for the mx.cores/mx.lasts. This virtual environment will then be responsible for both email delivery and email collection and will be collectively referred to as the mailhost.

4 x X1060's will be used for all outbound email. These servers will offer SMTP authentication in order to maintain the level of service that is currently available. They also support the scanning of outbound email.

Bob Pullen
Plusnet Products Team
If I've been helpful then please give thanks ⤵