
Re: Network Layout



>
> With all of that out of the way, my question is simple. Is this a
> strange, non-standard, flawed, etc. design?
> I ask because we cannot receive e-mail into our e-mail server from
> some other e-mail services. I took a look at the logs, and after an
> smtp connection is established between the remote/local e-mail
> servers, the local email server tries to establish an smtp connection
> with the firewall NIC on the public side. Since this NIC's address is
> in one subnet, and the e-mail is on another - the result is no
> connection & no e-mail. Outgoing e-mail is not a problem. We've now
> set up two different e-mail servers (one IBM, and one Linux), and they
> respond the same, so it looks like perhaps a DNS/routing issue? Any
> comments are appreciated.
>


Your setup is beautiful (that is, very similar to mine).
Because you are using NAT/Masq., a remote host cannot make a connection to your
e-mail server; it wants to talk to your firewall.  This is good.  You need to
set up a mail relay on your firewall (i.e. sendmail), or else use a program like
"redir" to redirect all traffic to port 25 (SMTP) on the firewall's public
interface to the interface on the mail server.  Sendmail can be set up to accept
mail for domains such-and-such and send any "local" mail to another mail
server.  It acts like a relay.  Just tell your e-mail server that your firewall
is now the "Smart Host" so it sends any non-local e-mail to him to deal with.
It is a good idea to block ALL port 25 traffic from the internal network for
all hosts except the mail server so users can't send mail around the mail
server (which then doesn't get logged).  Then tell the firewall to accept
e-mail and forward all local users to the mail-server.


Important sections of sendmail.cf on the firewall:
----------------------------------------------------------
# file containing names of hosts for which we receive email
Fw/etc/sendmail.cw
# "Smart" relay host (may be null)
DS
# who I send unqualified names to (null means deliver locally)
DRmailserver
# who gets all local email traffic ($R has precedence for unqualified names)
DHmailserver
# who I masquerade as (null for no masquerading) (see also $=M)
DMmy-domain.com

Important section of sendmail.cf on the mailserver:
-----------------------------------------------------------

# "Smart" relay host (may be null)
DSsmtp:myfirewall
# unqualified names (that is, names without @host) to
DR
# who I masquerade as (null for no masquerading)
DMmorrison.iserv.net
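The firewall side of the design the reply describes (public port 25 redirected to the internal mail server, outbound port 25 from the LAN blocked for every host except the mail server, masquerading for the rest), as an added example that is not part of the original thread. It uses iptables rather than the ipchains-era "redir" tool mentioned above; the interface names and addresses (eth0/eth1, 203.0.113.10, 192.168.1.25, 192.168.1.0/24) are placeholders, and it assumes the FORWARD chain's default policy is DROP.

```shell
#!/bin/sh
# Added example for the thread above, not the original poster's configuration.
# Interface names and addresses below are placeholders; override them in the
# environment. Rules are printed unless RUN=1, so the set can be reviewed
# (and tested) without root.
PUB_IF="${PUB_IF:-eth0}"            # firewall NIC on the public side
LAN_IF="${LAN_IF:-eth1}"            # firewall NIC on the internal side
PUB_IP="${PUB_IP:-203.0.113.10}"    # firewall's public address (documentation range)
MAIL_IP="${MAIL_IP:-192.168.1.25}"  # internal mail server
LAN_NET="${LAN_NET:-192.168.1.0/24}" # internal subnet

emit() {
    if [ "${RUN:-0}" = 1 ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

mail_rules() {
    # Replies to connections we already accepted, in either direction.
    emit iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 1. Inbound SMTP to the public address is rewritten to the mail server
    #    (the "redir" role from the reply, done in the kernel), then allowed
    #    through FORWARD as a new connection.
    emit iptables -t nat -A PREROUTING -i "$PUB_IF" -p tcp -d "$PUB_IP" --dport 25 \
        -j DNAT --to-destination "$MAIL_IP:25"
    emit iptables -A FORWARD -i "$PUB_IF" -o "$LAN_IF" -p tcp -d "$MAIL_IP" --dport 25 \
        -m conntrack --ctstate NEW -j ACCEPT

    # 2. Only the mail server may open SMTP connections to the outside.
    #    Anything else on the LAN trying port 25 through the firewall is
    #    logged and dropped, so mail cannot bypass the (logging) mail server.
    #    LAN hosts talking to the mail server itself stay on the LAN and never
    #    hit FORWARD, so they are unaffected.
    emit iptables -A FORWARD -i "$LAN_IF" -s "$MAIL_IP" -p tcp --dport 25 -j ACCEPT
    emit iptables -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 25 \
        -j LOG --log-prefix "SMTP-BYPASS: "
    emit iptables -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 25 -j DROP

    # 3. Everything else from the LAN is masqueraded behind the public address.
    emit iptables -t nat -A POSTROUTING -o "$PUB_IF" -s "$LAN_NET" -j MASQUERADE
}

mail_rules
```

Run it as-is to review the rules it would load; run it as root with RUN=1 to apply them. The DNAT rule puts the mail server's SMTP listener on the Internet, so whichever MTA faces the outside (the mail server here, or sendmail on the firewall if the relay variant from the reply is used instead) must only relay for the domains listed in its sendmail.cw; otherwise the site becomes an open relay.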