On 2009-10-02 Augusto Casagrande wrote:
> My idea is to put 2 MTA's servers, one in the DMZ and the other in the
> LAN. The goal is to get security in the LAN , and only expouse one
> server to the internet. Also, i want to "decompress" the traffic ,
> between the LAN and internet.
> So far , i' ve managed to send email from @myfomail.com to
> @mydomain.com , and from untrusted (internet) networks to
> @mydomain.com. But i cannot send from @mydomain.com to untrusted
> (internet) networks ( ie : @yahoo.com, @gmail.com).
What route is your mail supposed to take?
Inbound: I-net --> MX --> LAN-MTA
DMZ-MTA
Outbound: Client --> LAN-MTA --> Smarthost --> I-net
DMZ-MTA
Which server hosts your users' mailboxes?
> My DMZ Postfix postconf -d:
[...]
> And the LAN Postfix postconf -d :
Please post the output of "postconf -n" (-d will report the defaults,
which won't help much). Also please refrain from obfuscating things
unless you know exactly what you're doing.
Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
