> a control/smtproutes file containing ":<my mail server's IP>" on the
> firewall.

        Actually, that would forward ALL mail - for your domain, or being
sent out from your domain! - to the internal server.  You want
"mydomain.com:<my mail server's IP>" in smtproutes on the firewall.
        
> As for the control/rcpthosts file, does it suffice to put
> "mydomain.com:<my mail server's IP>" or do I need a list of 
> machine names, ie: "mail.mydomain.com:<my mail server's IP>",
> etc...

        You're confusing smtproutes syntax and rcpthosts syntax here.  On
the firewall, you want "mydomain.com" in the rcpthosts file.  If you also
intend to accept mail for hosts in your domain (i.e., mail.mydomain.com),
you can put them in one by one or wildcard them with ".mydomain.com".  Make
sure MX records exist in global DNS pointing to firewall.mydomain.com for
any hosts or domains you want it to relay.

>  Then, what's needed
> in control/locals, control/me and control/virtualdomains (I have no
> virtual domain), only the firewall's hostname (except for 
> virtualdomains)?

        control/locals should be empty; you are forwarding mail.  If you
want mail for firewall.mydomain.com to stay on the firewall instead of being
forwarded, you can put that there (and make sure firewall.mydomain.com or
.mydomain.com is in rcpthosts).

        control/me should be the firewall's hostname.

        control/virtualdomains can be deleted.

> On my mail server itself, all I do is create 
> control/smtproutes and put in it
> the following: ":<my firewall's IP>"?

        Yes.  Also add "mydomain.com" to rcpthosts and locals (and, again,
any hosts or wildcards you also want to accept mail for).
 
> I am using both tcpserver and tcprules on the firewall 
> already. The rule was to relay from any host inside to
> the mail server. It still needs to relay... but what
> should be in there exactly now ? Like I started by
> saying, it's been a while...

        That can stay as is, unless you want to tighten the rules so
outgoing mail can only come from the internal mail server.  As long as the
internal mail server is allowed to relay in the existing rules, you're fine.

-- 
        gowen -- Greg Owen -- [EMAIL PROTECTED]
              SoftLock.com is now DigitalGoods!
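
Added example, not part of the original message: a shell check that audits the firewall's qmail control directory for the mistakes discussed in this thread (a wildcard smtproutes entry, smtproutes syntax in rcpthosts, the relayed domain listed in locals). The function name, the temporary directory and the address 192.0.2.10 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit the firewall's qmail control directory.
# Usage: audit_firewall_controls <control-dir> <domain>
# Prints one finding per line; returns 0 when nothing is flagged.
audit_firewall_controls() {
    a_dir=$1; a_dom=$2; a_rc=0

    # control/me must name the firewall.
    if [ ! -s "$a_dir/me" ]; then
        echo "me: missing or empty"; a_rc=1
    fi

    # rcpthosts takes bare domains (no ":<ip>"); the domain must be listed.
    if ! grep -qixF "$a_dom" "$a_dir/rcpthosts" 2>/dev/null; then
        echo "rcpthosts: $a_dom not listed"; a_rc=1
    fi
    if grep -q ':' "$a_dir/rcpthosts" 2>/dev/null; then
        echo "rcpthosts: entry uses smtproutes syntax"; a_rc=1
    fi

    # locals must not claim the domain, or mail stops at the firewall.
    if grep -qixF "$a_dom" "$a_dir/locals" 2>/dev/null; then
        echo "locals: $a_dom listed, mail will not be forwarded"; a_rc=1
    fi

    # smtproutes: an empty domain field (":<ip>") routes ALL mail, including
    # outbound, to the internal server; require an explicit domain route.
    if grep -q '^:' "$a_dir/smtproutes" 2>/dev/null; then
        echo "smtproutes: wildcard route forwards all mail"; a_rc=1
    fi
    if ! awk -F: -v d="$a_dom" 'tolower($1) == tolower(d) { f = 1 } END { exit !f }' \
            "$a_dir/smtproutes" 2>/dev/null; then
        echo "smtproutes: no route for $a_dom"; a_rc=1
    fi
    return $a_rc
}

# Constructed sample: the wildcard layout the original question proposed.
# 192.0.2.10 is a documentation address standing in for the mail server.
demo=$(mktemp -d)
echo "firewall.mydomain.com" > "$demo/me"
echo "mydomain.com" > "$demo/rcpthosts"
echo ":192.0.2.10" > "$demo/smtproutes"
audit_firewall_controls "$demo" mydomain.com || true
rm -rf "$demo"
```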