On Sun, 10 Sep 2000, Mr. James W. Laferriere wrote:
>
> Hello Semat ,
>
> On Sun, 10 Sep 2000, semat wrote:
>> You do not need to use the access database. Simply set inside's smart
>> relay host to in&out and then on in&out do not allow relaying just not
>> putting anything in access and relay domains should solve this. thus
>> inside will be able to send mail to in&out but not to the outside since it
>> will say relaying denied.

I've done this also. Using my version of the machine 'in&out' as
Sendmail's Smart_Host all mail sent by 'inside' went directly to
'in&out'. It could deliver mail in that box but not to the outside world.

> I'll definitely give this a try . But ... I don't see how I can
> keep all the users addresses in the same domain ?
> ie: joey@fictitous.com (on 'in&out')
>     joseph@fictitous.com (on 'inside')

One method would be to set up 'in&out' as your mail server and set it up
with a virtual domain of fictitous.com. All mail to any of your machines
on the 'inside' network would go to user accounts on 'in&out'. To receive
their mail machines on the 'inside' network would have to log on and
download it from the 'in&out' box using fetchmail, Outlook Express, or
some other mail retrieval program.

> If I use an entry in the aliases file then 'inside' can be reached
> from 'The World' . This 'easily' bypasses any of the Spam
> prevention techniques I have (tried) using . It appears that
> the forwarding done in the aliases file happens well before the
> actions in the spam filters .

Use the above configuration and set up your spam filter in 'in&out'.
This will solve your spam problem.

> I can see that I left another wonderful item out of the setup
> below . All the users are using either Internet exploder or
> PC-pine for accessing their email using imap . All access to

This will work fine if you set up 'in&out' as your mail server.
If you're set up to allow users to download mail from other external POP3
accounts, you can set up 'in&out' to retrieve mail from other POP3
accounts using fetchmail, which will place the mail in the respective
user accounts on 'in&out', which will then be downloaded by the 'inside'
machines using 1 of the above mentioned mail retrievers.

> 'inside' is from known ip's . Access to 'in&out' may be from
> unknown ip's . IF I don't put the users machines ip's into either
> of the access/relay files on 'in&out' They can no longer send email
> to 'The World' ie: relaying denied .

Hmm. I thought you didn't want those machines to send mail out to the
world. Did I miss something? You can set up selective machines/users on
the internal network to send mail to the world by adding their machine
name or username@machinename to access, or if you have static IPs you can
add in their IP numbers to access (better choice). If you do this, for
security purposes it's better to set up ipchains so that all mail looks
like it originates from 'in&out'.

Glen

> Thus I already have something in the access &/or relay files .
>
>> On Sun, 10 Sep 2000, Mr. James W. Laferriere wrote:
>> > Hello All , I am having a bit (to put it mildly) of trouble with
>> > trying to create two systems . One which users will have access
>> > to external email & internal , the others will have access to
>> > internal only . my setup is something like this . all ip's
>> > are fictitious .
>> >
>> >     -------------------------------------   -------------------------
>> >     |                |                  |   |                       |
>> > [ inside ]      [ in&out ]           [ router ]               [ The World ]
>> >               ( smart host )
>> >  10.0.0.1      199.33.245.7
>> > Not Routable     Routable
>> >
>> > - 'inside' can send email to 'in&out' .
>> > - 'in&out' can send email to 'inside' .
>> > - 'in&out' can send email to 'The World' .
>> > - 'The World' can send email to 'in&out' .
>> >
>> > - 'inside' cannot send email to 'The World' .
>> > - 'The World' cannot send email to 'inside' .
>> >
>> > - All users must have addresses in the same domain .
>> >   ie: joe@ficticous.com
>> >
>> > At present:
>> > - 'in&out' is the primary (smart) mailer for the domain .
>> > - 'inside' points all mail that it doesn't know how to handle to the
>> >   smart host 'in&out' .
>> >
>> > I have tried several sendmail 'access' database permutations on the
>> > 'smart host' to no avail . If I attempt to reject mail from
>> > 'inside' it can no longer send email to 'in&out' . You can guess
>> > how the rest of the permutations I have tried have gone .
>> >
> All helpful insights are welcome . Tia , JimL
> +----------------------------------------------------------------+
> | James W. Laferriere     | System Techniques  | Give me VMS     |
> | Network Engineer        | 25416 22nd So      | Give me Linux   |
> | babydr@baby-dragons.com | DesMoines WA 98198 | only on AXP     |
> +----------------------------------------------------------------+

-
: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
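
The setup discussed in this thread, as an added configuration sketch that is not from any of the posters. It assumes sendmail 8.9 or later built from the m4 cf macros, maps under /etc/mail, and constructed names: in-out.example.com stands for 'in&out' and 10.0.0.5 for one inside machine allowed to send to the outside.

```m4
dnl ---- sendmail.mc on 'inside' (host names here are placeholders) ----
dnl Hand every non-local message to the smart host.
define(`SMART_HOST', `in-out.example.com')dnl

dnl ---- sendmail.mc on 'in&out' ----
dnl Enable the access map. Relaying is denied by default, so a client
dnl that is not listed in access or relay-domains can only reach
dnl recipients that are local to this host.
FEATURE(`access_db')dnl
dnl Optional, for the single shared domain: accept the domain here and
dnl map its addresses to local accounts that users read over IMAP/POP.
FEATURE(`virtusertable')dnl

dnl ---- /etc/mail/access on 'in&out' (plain text, shown as comments) ----
dnl Left empty: 'inside' can still deliver to users on 'in&out', but
dnl outside recipients are refused with "Relaying denied".
dnl To let selected inside machines send to the world, list static IPs:
dnl   10.0.0.5        RELAY
dnl Rebuild the map after editing:
dnl   makemap hash /etc/mail/access < /etc/mail/access
```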