Hello Glen ,

On Sun, 10 Sep 2000, Glen Lee Edwards wrote:
> On Sun, 10 Sep 2000, Mr. James W. Laferriere wrote:
> >On Sun, 10 Sep 2000, semat wrote:
> >> You do not need to use the access database. Simply set inside's smart
> >> relay host to in&out and then on in&out do not allow relaying just not
> >> putting anything in access and relay domains should solve this. thus
> >> inside will be able to send mail to in&out but not to the outside since it
> >> will say relaying denied.
> I've done this also. Using my version of the machine 'in&out' as
> Sendmail's Smart_Host all mail sent by 'inside' went directly to 'in&out'.
> It could deliver mail in that box but not to the outside world.
  ^^ 'It' as in your version of 'inside' , correct ?

> > I'll definitely give this a try . But ... I don't see how I can
> > keep all the users addresses in the same domain ?
> > ie: joey@fictitous.com (on 'in&out')
> >     joseph@fictitous.com (on 'inside')
> One method would be to set up 'in&out' as your mail server and set it up
> with a virtual domain of fictitous.com. All mail to any of your machines
> on the 'inside' network would go to user accounts on 'in&out'. To receive
> their mail machines on the 'inside' network would have to log on and
> download it from the 'in&out' box using fetchmail, Outlook Express, or
> some other mail retrieval program.

Something the Customer doesn't wish to do .
'inside' isn't a network , 'inside' is a user mail system .
There are users each with a workstation (but not always the same one)
that access their email from the host 'inside' & Some which use
'in&out' . The users on 'inside' can not send mail out to 'The World' .
The users on 'in&out' can send mail out to 'The World' .
Btw: 'The World' is any network/host/domain not using the ip's on
the same side of 'router' as 'in&out' .

> > If I use an entry in the aliases file then 'inside' can be reached
> > from 'The World' . This 'easily' bypasses any of the Spam
> > prevention techniques I have (tried) using . It appears that
> > the forwarding done in the aliases file happen well before the
> > actions in the spam filters .
> Use the above configuration and set up your spam filter in 'in&out'. This
> will solve your spam problem.

OK . I don't believe there is a spam problem . But , setting up
an appropriate filter may help keep 'inside's users from mailing
to 'The World' . At least that is my hope .

> > I can see that I left another wonderful item out of the setup
> > below . All the users are using either Internet exploder or
> > PC-pine for accessing their email using imap . All access to
> This will work fine if you set up 'in&out' as your mail server.

'in&out' already is the Primary (ie: smart host) mail point for
both incoming email & outgoing email for an active domain .

> If you're
> set up to allow users to download mail from other external POP3 accounts,
> you can set up 'in&out' to retrieve mail from other POP3 accounts using
> fetchmail, which will place the mail in the respective user accounts on
> 'in&out', which will then be downloaded by the 'inside' machines using 1
> of the above mentioned mail retrievers.

Sorry not what I was trying to convey . There are no external
mail servers . Somehow I have not conveyed what I need correctly .
I am not worried about people accessing email (ie:
POP/IMAP/LDAP/...) from other mail servers via their workstations
(at this time) .

> > 'inside' is from known ip's . Access to 'in&out' may be from
> > unknown ip's . IF I don't put the users machines ip's into either
> > of the access/relay files on 'in&out' They can no longer send email
> > to 'The World' ie: relaying denied .
> Hmm. I thought you didn't want those machines to send mail out to the
> world. Did I miss something?

Uh , Sorry again . The 'The World' in the last sentence s/b 'in&out' .

> You can set up selective machines/users on the internal network to send
> mail to the world by adding their machine name or username@machinename to
> access, or if you have static IPs you can add in their IP numbers to
> access (better choice).

But , Again if I (assuming my 2 system mail setup) add RELAY for
a particular user1@machine('in&out' user) & don't add one for
user2@machine2('inside' user) . user2 will not be able to send
mail to user1 as it will receive "relaying denied" messages .

> If you do this, for security purposes it's better
> to set up ipchains so that all mail looks like it originates from
> 'in&out'.

In the near future a CheckPoint(Linux) firewall will be placed
in the network just internal of 'router' .

OK , I may be getting a glimmer of the idea . But if in the above
you see something glaringly out of whack shout back . ;-)

...snip...
Removing my Large net map . Hopefully others with interest can
recapture it from the archive .

All helpful insights are welcome . Tia , JimL

+--------------------------------------------------------------+
| James W. Laferriere     | System Techniques  | Give me VMS   |
| Network Engineer        | 25416 22nd So      | Give me Linux |
| babydr@baby-dragons.com | DesMoines WA 98198 | only on AXP   |
+--------------------------------------------------------------+
- : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org
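
The relay policy proposed in the quoted replies above, as an added example that is not part of the original message: a simplified model of the per-recipient decision a gateway such as 'in&out' makes, not sendmail's actual rulesets. The IP addresses, `example.org` and the function name are constructed for illustration; `fictitous.com` is the domain used in the thread.

```python
import ipaddress

# Constructed sample policy for the gateway the thread calls 'in&out'.
LOCAL_DOMAINS = {"fictitous.com"}  # domains the gateway delivers itself
# Hypothetical static IP that has been granted relaying (the "add their IP
# numbers to access" option). An empty list models "put nothing in access
# and relay domains".
RELAY_NETS = [ipaddress.ip_network("192.0.2.10/32")]


def rcpt_decision(client_ip, rcpt, local_domains=LOCAL_DOMAINS,
                  relay_nets=RELAY_NETS):
    """Classify one RCPT TO as 'local', 'relay' or 'deny'.

    Assumes a fully qualified recipient address (user@domain).
    """
    domain = rcpt.rsplit("@", 1)[-1].lower()
    # Mail for a domain the gateway hosts is final delivery, not relaying,
    # so it is accepted whatever host hands it over.
    if domain in local_domains:
        return "local"
    # Anything else is relaying and needs an explicit grant for the client.
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in relay_nets):
        return "relay"
    return "deny"  # the gateway would answer "relaying denied"


if __name__ == "__main__":
    inside = "192.0.2.20"      # constructed: 'inside', no relay grant
    trusted = "192.0.2.10"     # constructed: host listed in RELAY_NETS
    for ip, rcpt in [
        (inside, "joey@fictitous.com"),
        (inside, "someone@example.org"),
        (trusted, "someone@example.org"),
    ]:
        print(f"{ip:12} -> {rcpt:22} {rcpt_decision(ip, rcpt)}")
```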