The figure above illustrates the KotNet Mail Transport
System. Two machines outside the KULeuvenNet firewall are taking
all email for *.kotnet.org. They transfer this to three internal
mailhubs, which are also the entry points of internally generated
mail. Those mailhubs translate mail@kotnet.org and possibly
mail@kot.kotnet.org addresses to user@host.kot.kotnet.org or to an
outside email address.
Remark: in reality some machines operate at
different layers in the hierarchy of the diagram.
The advantage of this setup is twofold: @kotnet.org and @kot.kotnet.org email is delivered even when some hosts are down, and changing the end destination of these addresses is a piece of cake. Addresses @host.kot.kotnet.org are under the sole responsibility of the machine's hostmaster and might be less reliable.
The configuration of the translation of user@kotnet.org and
user@kot.kotnet.org addresses is performed on a central host
(astec.kotnet.org). Access is provided through a shell account
open to all KotNet admins. For each domain it contains a
recipientmap file with lines of the form
jos@kotnet.org:jos@jos.kotnet.org. This also
translates jos-*@kotnet.org to
jos-*@jos.kotnet.org. At logout, the
configuration is transferred by simple mail to the different
mailhubs.
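The translation described above can be sketched as follows. This is an added example, not the KotNet mailhub code. It assumes that blank and # lines are ignored, that lookups are case-insensitive, that an exact entry wins over an extension match, and that the longest base name is tried first; the function names and sample entries are constructed for illustration.

```python
# Constructed sample map; the real file lives on the central host.
SAMPLE_MAP = """\
# source:destination
jos@kotnet.org:jos@jos.kotnet.org
an@kotnet.org:an.peeters@example.com
"""

def parse_recipientmap(text):
    """Return {source: destination}; raise ValueError on malformed or duplicate lines."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: blank/# lines are ignored
            continue
        src, sep, dst = line.partition(":")
        if not sep or src.count("@") != 1 or dst.count("@") != 1:
            raise ValueError(f"line {lineno}: expected source@domain:dest@domain")
        src = src.lower()
        if src in table:
            # A silent overwrite would redirect someone's mail unnoticed.
            raise ValueError(f"line {lineno}: duplicate entry for {src}")
        table[src] = dst
    return table

def translate(table, address):
    """Map an address via the table, carrying a '-extension' over to the destination."""
    local, _, domain = address.lower().rpartition("@")
    if f"{local}@{domain}" in table:  # exact entry wins (assumption)
        return table[f"{local}@{domain}"]
    # For jos-a-b try base 'jos-a', then 'jos' (longest base first; assumption).
    pos = local.rfind("-")
    while pos > 0:
        base, ext = local[:pos], local[pos:]
        dst = table.get(f"{base}@{domain}")
        if dst:
            dlocal, _, ddomain = dst.rpartition("@")
            return f"{dlocal}{ext}@{ddomain}"
        pos = local.rfind("-", 0, pos)
    return None  # no entry: the hub has no translation for this address
```

Rejecting malformed and duplicate lines at parse time matters here because the file is editable by every admin with the shell account and is pushed to all mailhubs at logout.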
As alternatives to this configuration, a public database solution
through LDAP or DNS was considered. DNS seemed most attractive for
reliability reasons. The idea was to have PTR records like
jos.at.kotnet.org IN PTR jos.jos.kotnet.org
and patch the MTAs to handle this. However, to protect privacy and
prevent email address harvesting, a less public solution was
implemented.
From the setup diagram, you can derive which sets of machines have to be down to impact immediate email delivery. Furthermore, mail transport only depends on the correct operation of internal and external DNS. A notable incident was the cracking of an external kotnet.org DNS server, which caused some mails to bounce. Another incident was an internal mailhub using a non-kotnet.org DNS server (as a backup DNS server, but that does not make it less evil), causing mail loops when its first DNS server became inaccessible (no, it did _not_ go down).
Reassuring facts are that the kotnet mailhubs:
This page is maintained by
Sven Verdoolaege.