Greetings! Tim Sailer wrote:
WARNING! If you go that way without further bastioning, you will create an open relay - and thus be blackholed faster than you could imagine.

Now, we have a split-dns setup, so the hosts/IPs seen outside our firewall don't actually point to the real machines in most cases, and the SMTP gateway uses our internal DNS, so knows how to deliver mail properly. Without split DNS, you can do this with creative use of /etc/hosts (I think) but DNS/MX would do the job for you.

Make sure that mail is ONLY accepted if it (exclusively) either
1.) comes from LAN and goes out
2.) comes from outside and goes to LAN
Usually MTAs look at MX records for mail delivery, so you won't be able to use /etc/hosts for fudging - that file can only do A/PTR entries (DNS-wise speaking).
Bye
Volker Tanger
IT-Security Consulting
--
discon gmbh
Wrangelstraße 100
D-10997 Berlin
fon +49 30 6104-3307
fax +49 30 6104-3461
[EMAIL PROTECTED]
http://www.discon.de/
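
The two acceptance rules above, written as a per-recipient relay check. This is an added example, not part of the original message: the LAN range and domain names are constructed, LAN-to-LAN mail is refused because the rule is read literally ("exclusively either"), and refusing source-routed recipient forms goes beyond what the message states.

```python
import ipaddress

# Constructed values for illustration; substitute the real LAN ranges and
# the domains whose mailboxes live behind the gateway.
LAN_NETS = [ipaddress.ip_network("192.168.10.0/24")]
LOCAL_DOMAINS = {"example.com"}


def from_lan(client_ip):
    """True if the connecting SMTP client is inside one of the LAN ranges."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in LAN_NETS)


def to_lan(rcpt):
    """True/False for a local/remote recipient, None if it must be refused.

    Recipients whose local part carries routing characters (%, !, @) are
    refused: the final domain looks local, but the gateway would be asked
    to forward the mail somewhere else.
    """
    local, sep, domain = rcpt.strip("<>").rpartition("@")
    if not sep or not local or any(c in local for c in "@%!"):
        return None
    return domain.lower().rstrip(".") in LOCAL_DOMAINS


def relay_decision(client_ip, rcpt):
    """Apply the two rules to one RCPT TO; everything else is rejected."""
    inside = from_lan(client_ip)
    dest_local = to_lan(rcpt)
    if dest_local is None:
        return "reject: malformed or source-routed recipient"
    if inside and not dest_local:
        return "accept: outbound"        # rule 1: comes from LAN, goes out
    if not inside and dest_local:
        return "accept: inbound"         # rule 2: comes from outside, goes to LAN
    if not inside:
        return "reject: relay attempt (outside to outside)"
    return "reject: LAN to LAN is not handled by the gateway"


if __name__ == "__main__":
    # Constructed sample transactions: (client IP, RCPT TO address)
    for ip, rcpt in [("192.168.10.5", "bob@elsewhere.test"),
                     ("203.0.113.9", "alice@example.com"),
                     ("203.0.113.9", "bob@elsewhere.test"),
                     ("203.0.113.9", "bob%elsewhere.test@example.com")]:
        print(ip, rcpt, "->", relay_decision(ip, rcpt))
```
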