Configuration Example
ALOAHA sample configuration
We are frequently being asked what could be the best configuration of Aloaha. Aloaha contains so many modules and modes that it is impossible to give a generic configuration guideline. What we will try to do is to show an example of a typical enterprise installation which includes the SMTP Proxy, the IIS Sink and the POP3 Connector. Furthermore we will show how to use the POP3 Downloader to bring your enterprise a step closer to be compliant to the Sarbanes-Oxley Act and to use Aloaha as a Mail Archiver.
In our sample we have the following existing SMTP Infrastructure:
1 ISA Server, 1 SMTP Relay (IIS) in your DMZ and 1 Exchange Server in your Organisation.
Emails arrive to the ISA Servers Port 25. Port 25 is published via Server publishing rule to the SMTP Relay which forwards the mails to the Exchange Server.
Exhange forward all mails to the SMTP relay inside the DMZ. The ISA Server allows the SMTP relays to send the outbound emails through the ISA Servers Port 25.
Deployment of Aloaha SPAM Rejector, Aloaha SPAM SINK and Aloaha POP3 Connector:
The first step now would be to decide if you are going to install the Aloaha SMTP Proxy on the ISA Server and the SINK on the SMTP Relay or if you would prefer to install both on the SMTP Relay. We always suggest to install the SMTP Proxy on the Firewall itself since this is the most efficient place for a transparent SMTP Proxy which can be seen as a Port 25 Firewall itself. To install the Aloaha SMTP Proxy on the ISA Server you need to disable your server publishing rule for Port 25 and create a packet filter for Port 25 instead. This Packet Filter needs to allow Port 25 traffic in both directions.
The second step is to install Aloaha SPAM Rejector on this machine. Once you installed it you should do some basic configurations. Open the Aloaha Management Console and browse to General Options / Local Domains. Once you configured your local domains please enable the option "Accept only emails sent to Local Domain". Now you need to browse to General Options / Service Control. In Listen IP/Port you enter the external IP of your Machine and Port 25. In forward IP and Port you configure the IP Number of your SMTP Relay and Port 25. Then you click "set", enable "Activate transparent SMTP Proxy" and click "start service". After about 30 seconds Aloaha will start accepting emails. Please note that by default Aloaha at this stage is in simulation mode. That means it will not reject any connections. It is best to browse to "General Options / Settings" and disable the simulation mode from the beginning. The idea of the Aloaha Proxy is that it cannot loose any emails. Even if you missconfigure something the emails either remain in the queue of the sending server or will pass through.
The third step would be to install a second instance of Aloaha (the Aloaha SINK) on the SMTP relay. You might ask why this is needed. In fact it's not needed but you can use the Aloaha SINK to add legal disclaimer to your outbound emails or to scan emails which are entering your system through other means than your Port 25. Maybe you have a backup MX which forwards the emails directly to your relay MX or you are using a 3rd party POP3 Connector. For you it is important to know that emails will never be scanned double. Aloaha SINK "knows" which emails have been scanned by the Proxy and will not scan these emails again. After the setup has finished you need to activate the IIS SINK. But before you activate the SINK please configure your local domains as described in "the second step". To activate the SINK you open the Aloaha Mangement Console and browse to General Options / Service Control / IIS SINK Integration. There you need to configure the Postmaster address and other options you wish to use. After that you just click "Register Aloaha SINK". Please note that the registration and unregistration of SINKS will restart your IISADMIN Service.
The fourth step is to configure the Aloaha POP3 Connector. You might ask why you need to use the Connector if you don't have any external mailboxes. If you read about Exchange Message Journaling you will know that journaling will copy a copy of every email which passes through an exchange store to an Archive Mailbox. The result is that your Mailbox store will grow more than double in size. You might even want to become Sarbanes-Oxley Compliant and need to archive all your emails to a read only medium such as a CD-R or DVD-R. That can be done with the POP3 Connector. It will connect to your archive Mailbox and download the mails. At this point you can configure if you want the downloaded mails to be saved into a directory such as your CD-R, DVD-R or if you want to submitt them to a pickup directory or SMTP Server.
Aloaha Proxy will accept emails on Port 25 of your ISA Server and forward HAM to the SMTP Relay. The Aloaha SINK will "know" that these emails have been scanned already by the Aloaha Proxy and will not scan them again. If mails enter the SMTP Relay from other Servers such as a Backup MX, SASL Port or 3rd Party POP3 Connector the Aloaha SINK will scan them and forward them.
Your SMTP Relay will receive the outbound emails from your internal Exchange. The Aloaha SINK will detect them as outbound and will add the disclaimer. Once the Aloaha SINK passes the email back to the Relay it will send it out to the Internet.
Q: If I am using two Aloaha instances do I need to keep 2 different configurations?
A: NO, Aloaha is designed to share a common configuration database. In case you use the default access database you can share this config.mdb via a share and keep the config of both instances synchronized. In case you are using SQL as a backend Database you can configure both Aloahas to use the same SQL Database.
Q: I am seeing lots of emails in the Mail Monitor of Aloaha. Is it possible to use that Database as an archive?
A: YES, even the Database is a Mail Archive. It keeps the last 1000 non SPAM (HAM) emails which passed through the Proxy, SINK or POP3 Connector. This default value 1000 can be changed to a larger or smaller value.
