Hi,
I have a mostly similar problem; this seems to be a hard
problem. I benefited from the help of several people but still
have some problems.
In my case I have a mail relay in the DMZ and a mail server in the LAN.
[internet]-----[Router]-----[DMZ]----[Firewall]-----[LAN]
Without setting up a firewall, everything works fine. But when setting
up the firewall, I can only send (outgoing messages), but no
incoming ones can reach me. My relay does not store
messages; it forwards them directly to the local mail server.
Is a similar firewall with only two cards appropriate?
Can it communicate in both directions (in/out)?
What must I do in order to make it work in both
directions?
Thanks for any help.
--- Jean Caron <[EMAIL PROTECTED]> wrote:
> Hi folks,
>
> It's been a while since I had to even think of qmail (it
> really runs that
> good!).
>
> But now I need to change my network architecture, and I
> would appreciate
> some help with a few things.
>
> First question, I have to move my mail server behind my
> firewall (it was
> in front until now). My goal is to have the firewall
> accept all mail for
> the domain, and forward "everything" "as is" to the mail
> server, inside.
> A dumb relay, is all I need. I believe
> (from looking up my notes and searching the archive) that
> I have to create
> a control/smtproutes file containing ":<my mail server's
> IP>" on the
> firewall. As for the control/rcpthosts file, does it
> suffice to put
> "mydomain.com:<my mail server's IP>" or do I need a list
> of machine names,
> ie: "mail.mydomain.com:<my mail server's IP>", etc...
> Then, what's needed
> in control/locals, control/me and control/virtualdomains
> (I have no
> virtual domain), only the firewall's hostname (except for
> virtualdomains)?
>
> On my mail server itself, all I do is create
> control/smtproutes and put in it
> the following: ":<my firewall's IP>" ?
>
> I am using both tcpserver and tcprules on the firewall
> already. The rule
> was to relay from any host inside to the mail server. It
> still needs to
> relay... but what should be in there exactly now ? Like I
> started by
> saying, it's been a while...
>
> Am I missing anything to get this show on the road ?
>
> [private network + mail server] <==> [firewall] <==> [big
> bad Internet]
>
> And on a different note, I've been looking for a web
> interface which would
> work nicely with qmail (Pine is nice, but not nice
> enough). Oh BTW, and
> I guess at this point I should confess to still be using
> Mailbox
> format. I know I should start by doing something about
> that, yet I
> don't know where to start. Most web interfaces I've
> looked at required
> me to move to maildir. Any suggestions ? (I know...move
> to maildir,
> right?) Ok, say I do, which package should I then use ?
> How hard is it to
> move to maildir ? A good procedure would come handy at
> this point...
>
> Sleeves are rolled up, here comes my w/end qmail
> refresher course.
>
> Thanks,
>
> Jean
> -
> Jean Caron
> Network Security Consultant
> NORAC inc. - Network Optimization Research & Analysis
> Canada
> Quebec, Canada
> (613) 277-6672
>
>