> -----Original Message-----
> From: Brian Johnson
> Sent: Friday, January 31, 2003 12:36 AM
> Subject: Re: Sendmail config
>
>
> I am now playing with DaemonPortOptions and Modifiers=b in
> sendmail to have computers use port 30 (but still want local
> connections through port 25 so trying two ports on local machine)
>
> Can now telnet on port 30 from computer B to computer A
>
> Still not getting mail through ... but at least now should be
> limited to sendmail options
>

Brian,

Based on the requirements you have stated in other posts, you should not have to configure your MTA to listen on another port. You have other problems. Probably firewall related. Might I suggest that you take a big step backwards and...

1) Create a LAN/WAN firewall design document. Create a document for each site/office. The following link will give you an example of what I do before I sit down to configure a firewall and the available services running behind that firewall. If you don't have access to Visio, then use a spreadsheet program and map the services available between firewall zones as I have shown in this document. Anyway, check out: http://www.infohiiway.com/cowlesnet for an example

2) Configure/test your firewall(s) to the design document(s) created in step one. Test using IP addresses/ports, not FQDN. If you are unable to contact a particular service... (do not pass go, do not collect 200 dollars) fix the problem before continuing to step 3.

With regards to sendmail, I remove the DaemonPortOptions at this stage until I get the firewall working correctly. I also place ALL: ALL in /etc/hosts.allow until I get the firewall working. Then I lock down the application. (step 4 below)

3) Resolve DNS (resolver lib) issues. Especially issues like accessing a masq'd system from behind your firewall using your firewall's external IP address. Some firewalls are just not capable of (re)masq'ing packets of data.

i.e. From a node on your private LAN (192.168.1.20), access your web server by its FQDN www.mydomain.com (which is also on your private LAN at 192.168.1.10) using a public IP address (returned from ISP's DNS server). The packet is first masq'd, then hits the external IP address of your firewall, then the firewall (if configured) must remasq this packet and send it back out on the private LAN segment. I won't even get into the reply packet path. :-(

IMO: This type of packet traversal just flat out sucks! But if you're not able to set up your own autonomous caching DNS server (behind your firewall) to return a private IP address for www.mydomain.com, then you're stuck with this horrible hack where your firewall is involved in accessing local systems.

FWIW: I run a multi-view bind-9 setup at this end. If a DNS request comes from the internet for www.mydomain.com, the public IP address is returned (external IP of firewall). If a DNS request comes from my private/dmz networks for www.mydomain.com, the private IP address is returned (rfc1918 address). This eliminates my firewall from handling requests that originate locally, but destined for the local/dmz networks.

4) Finally, once the above tasks are complete and tested, configure your application services like smtp, www, etc...

With regards to your post, my smtp server (sendmail) is configured to handle multiple domains along with being a backup MX for other domains. For my registered domains, I have configured sendmail (running in the dmz) to relay all inbound e-mail to my exchange server (mailertable). For the backup MX domains, sendmail is configured to queue all e-mail locally for later delivery using ETRN (also using the mailertable). All this is done with a single instance of sendmail listening on port 25. i.e. No DaemonPortOptions...

Well that's my two bits (well really 4 bits)

Good Luck
Steve Cowles

--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
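
The multi-view bind-9 arrangement described in the message above, sketched as a named.conf fragment. This is an added example, not the poster's actual configuration: the ACL name, the DMZ range 192.168.2.0/24, the zone file paths and the public address 203.0.113.10 are assumptions, while 192.168.1.0/24, 192.168.1.10 and www.mydomain.com come from the message.

```conf
// Constructed example of BIND 9 views (split-horizon DNS).
// Views are evaluated top to bottom and the first match-clients hit wins,
// so the internal view must come before the catch-all external view.

acl "inside" {
    127.0.0.0/8;
    192.168.1.0/24;     // private LAN (from the message)
    192.168.2.0/24;     // DMZ range (assumed)
};

options {
    directory "/var/named";   // assumed path
};

// Clients on the private/DMZ networks get RFC 1918 answers and may recurse,
// so locally originated traffic never has to be re-masqueraded by the firewall.
view "internal" {
    match-clients { "inside"; };
    recursion yes;

    zone "mydomain.com" {
        type master;
        // Zone file (assumed name) contains:  www  IN  A  192.168.1.10
        file "internal/mydomain.com.zone";
    };
};

// Everyone else gets the firewall's external address and no recursion,
// which keeps the server from acting as an open resolver.
view "external" {
    match-clients { any; };
    recursion no;

    zone "mydomain.com" {
        type master;
        // Zone file (assumed name) contains:  www  IN  A  203.0.113.10
        // (203.0.113.10 is a documentation placeholder for the public IP)
        file "external/mydomain.com.zone";
    };
};
```

Once any view is defined, every zone statement has to live inside a view; named-checkconf will flag a zone left at the top level. Querying www.mydomain.com with dig from an inside host and from an outside host confirms each side receives the intended address.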