Implementing LinuxExim based system for Banks' Mail Gateway

1
Implementing Linux/Exim based system for Banks'
Mail Gateway

• M Varadaraja Iyer
• IDRBT Hyderabad
• _at_ LINUX - BANGALORE - 2002

2
About IDRBT

• IDRBT(Institute for Development and Research in
  Banking Technology)
• Established by Reserve Bank of India in 1996 as
  apex level Institute to undertake development and
  research in the area of Information Technology
  applied to financial sector, with special focus
  on banking.
• Role an autonomous centre for Development and
  Research in Banking Technology
• Brief Spearhead Technology absorption in the
  Indian Banking System
• Director Dr V P Gulati
• Websites http//www.idrbt.com,
  http//www.idrbt.ac.in

3
Activities

• INFINET Closed User Group CUG network for
  Indian Banking and Financial sector.
• Develop/Deploy Applications on INFINET
• SFMS, MMS etc
• Academic Activities
• M Tech in Banking Technology security
• PhD Programmes
• E-Learning - PGPBTM
• Research and Development
• Certifying Authority for Indian Banking System

4
INFINET VSAT Segment

• Hybrid Network Vsats and Leased Lines
• Over 1350 remote VSATs.
• Hub at IDRBT, Hyderabad.
• Full transponder on INSAT 3B.
• Centrally Managed NMS at Hyderabad
• 100 uptime for hubsite from inception

5
INDIAN FINANCIAL NETWORK INFINET VSAT SEGMENT
6
INFINET Leased Line Segment

• Leased Links covering 21 important cities all
  over the country.
• Mixture of 2Mbps and 64 Kbps lines.
• Reserve Bank of India and 27 Nationalised Banks.
• Other Foreign Banks, FIs, PDs, SDs, Coop. Banks
  since joined the network.
• Mission Critical applications like PDO-NDS, CCI
  Nostro Clearing deployed
• Seamlessly integrated with VSAT network

7
JAMMU
INDIAN FINANCIAL NETWORK (LEASED LINE CONNECTIVITY
CHANDIGARH
GUWAHATI
DELHI
LUCKNOW
JAIPUR
KANPUR
PATNA
AHMEDABAD
CALCUTTA
BHOPAL
NAGPUR
BHUBANESHWAR
MUMBAI
PUNE
VSAT Network
HYDERABAD
GOA
64/128 kbps leased line
BANGALORE
2 mbps leased line
CHENNAI
Integration of VSAT network with Terrestrial
network
KOCHI
NMS at Hyderabad
THIRUVANANTHAPURAM
Back up NMS at Mumbai
8
IDRBT Mail Messaging System

• Primary Role Mail Gateway for the Banking
  System
• Entire Mail system of Reserve Bank of India and
  20 odd Public Sector Banks depend on IDRBT Mail
  gateway
• Bridge between the closed user group INFINET
  and the outside world for seamless to and fro
  transmission of mail
• Implemented with standard protocol - SMTP
• Ancillary services
• DNS services
• Domain Name Registration
• Web Based mail access from Internet

9
Mail Messaging System Architecture
10
Mail Messaging System Requirements

• Receive Mails from Internet and deliver to Mail
  servers within CUG
• Receive Mails from CUG and deliver to Mail
  servers within CUG as well as in Internet
• Multiple Mail servers for each Bank
• But each Bank has standard e-mail id of form
  name_at_Bank.co.in
• Mail box fully qualified address will be
  name_at_locaton.bank.co.in
• The mailbox id to be translated from mail-id by
  some list lookup process and mail delivered to
  the appropriate Bank server over SMTP session

11
Pre-existing System

• Based on Microsoft Exchange server and Active
  Directory
• Lookup based on Active Directory Contacts and DNS
  hosts entries
• Complex system, prone to regular breakdown
• Poor diagnostics and mail tracing facilities
• Difficult to Manage and troubleshoot

12
Wish List for New System

• Stable and Easy to Maintain system
• MTA should be closely integrated with a Database
  system for fast lookup for mail routing
• The routing entries should be available for
  addition/deletion from remote sites with web
  front end
• Good Mail logging and traffic monitoring features
• Easy troubleshooting and diagnostics facilities

13
Options Considered

• Platforms
• Linux
• Unix
• FreeBSD
• MTAs
• Qmail with LDAP
• EXIM with MySQL

14
Solution Implemented

• Linux Platform
• Exim MTA
• Exiscan with Mcafee and Sophos AV engines for
  Virus scan
• MySQL database server for storing routing
  information
• Apache/PHP website with login access control for
  updating database from remote Bank locations

15
Why we decided on EXIM

• Easy Installation and Configuration
• Native support for Backend Database lookup and
  support
• Exceptional logging and diagnostics
• MTA originally developed for gateway hub
• Anti Virus scanning facility at SMTP session
  level with Exiscan patch
• Excellent traffic queue monitoring and
  reporting features
• Recommendation of Sri Suresh Ramasubramoniam, who
  assisted in setup and configuration

16
Gateway MMS Setup
INTERNET
INFINET
17
System Components

• 8 Mail Servers
• Platform RedHat Linux 7.2
• MTA Exim 4.10 patched with Exiscan 4.12
• Exim 4.10 with MySQL
  support on Hub 5 6
• Anti Virus Engine McAffee on Hub 1, 2, 7, 8
• Sophos on the others
• 2 Mail Servers Receive from Internet servers
• 2 Mail Servers Deliver Mail to Internet servers
• 2 Mail Servers Receive from Infinet servers
• 2 Mail Servers Deliver Mail to Infinet servers

18
System Migration

• The system migration carried out in a carefully
  calibrated, phased manner
• Minimum disruption to users
• Migration largely transparent to remote users
• Minimum configuration change at remote Bank
  servers
• Commenced in Feb 02, completed by Jun 02
• All the servers working smoothly without any
  problems since then

19
Current Status

• Mail Gateway used by all offices of Reserve Bank
  of India and 20 odd Public Sector Banks as a
  reliable backbone
• Daily auto-generated e-mail report to Mail
  Administrator on mail traffic volume, delivery
  efficiency and errors encountered using
  eximstats script from all servers
• Daily cycling of log files
• Remote addition/deletion of routing entries in
  the MySQL database with PHP based website
• MySQL database replicated in 2 servers for higher
  redundancy
• Very useful in diagnosing errors/problems at
  remote servers
• All mail scanned by 2 different anti-virus
  engines all mail containing malicious content
  summarily dropped at SMTP session level itself

20
Summary

• Exim on Linux is a very efficient solution for a
  Mail gateway system
• Provides seamless backend database support
• Exiscan anti-virus wrapper patch with tight
  integration with MTA provides efficient screening
  of mail content and dropping of malicious mail
• Exceptional logging, de-bugging and
  troubleshooting facilities
• Easy Manageability

21

• Questions ?
• Thank You