Mail-Proxy

2001-01-05 Thread Redak, Dorian

Dear All!

I'm planning to use a Linux box as what I would call a mail proxy. It should
receive mail for our domain (caibon.com) from the internet and forward it to
our MS Exchange Server, which is located behind the firewall due to security
reasons.
It should also receive mail from the intranet and forward it to the
internet. I think I already found out how to fix this second part, but I'm still
having problems with the first.

cheers Dorian

Dorian Redak
Manager IT Operations
caibon.com




Re: Mail-Proxy

2001-01-05 Thread James Raftery

On Fri, Jan 05, 2001 at 12:03:36PM +0100, Redak, Dorian wrote:
> It should also receive mail from the intranet and forward it to the
> internet. I think I already found out how to fix this second part, but I'm still
> having problems with the first.

Hi Dorian,

On the linux box, put the domains it should act as a relay for into
control/rcpthosts (and nowhere else!).
Put
:exchangeserver.yourdomain.com
into control/smtproutes.

man qmail-remote for info. on smtproutes.

james
-- 
James Raftery (JBR54)
  "Managing 4000 customer domains with BIND has been a lot like
   herding cats." - Mike Batchelor, on [EMAIL PROTECTED]



Re: Mail-Proxy

2001-01-05 Thread Henning Brauer

On Friday, 5 January 2001 12:03, Redak, Dorian wrote:
> Dear All!
>
> I'm planning to use a Linux box as what I would call a mail proxy. It
> should receive mail for our domain (caibon.com) from the internet and
> forward it to our MS Exchange Server, which is located behind the firewall
> due to security reasons.
> It should also receive mail from the intranet and forward it to the
> internet. I think I already found out how to fix this second part, but I'm
> still having problems with the first.

Nothing easier than that: 

echo caibon.com >> /var/qmail/control/rcpthosts
echo caibon.com:exchangeserverhostname >> /var/qmail/control/smtproutes

Note: do NOT put caibon.com in locals.

> cheers Dorian
>
> Dorian Redak
> Manager IT Operations
> caibon.com

-- 

Henning Brauer |  BS Web Services
Hostmaster BSWS|  Roedingsmarkt 14
[EMAIL PROTECTED] |  20459 Hamburg
www.bsws.de|  Germany



Re: Mail-Proxy

2001-01-05 Thread James Raftery

On Fri, Jan 05, 2001 at 11:09:27AM +, James Raftery wrote:
> Put
> :exchangeserver.yourdomain.com
> into control/smtproutes.

Thinko Alert!
That should be
yourdomain.com:exchangeserver.yourdomain.com
in control/smtproutes.

james
-- 
James Raftery (JBR54)
  "Managing 4000 customer domains with BIND has been a lot like
   herding cats." - Mike Batchelor, on [EMAIL PROTECTED]



Re: Mail-Proxy

2001-01-05 Thread Marc Knoop

On Fri, Jan 05, 2001 at 12:13:06PM +0100, Henning Brauer wrote:

> Nothing easier than that: 
> 
> echo caibon.com >> /var/qmail/control/rcpthosts
> echo caibon.com:exchangeserverhostname >> /var/qmail/control/smtproutes

And what is the format for using an IP address instead of the name of the exchange 
server?  caibon.com:[1.2.3.4]?

The reason I ask is that my EX server will be in the trusted side (three legged 
firewall) and will be using an IP address that will not be in the DNS.

../mk



Re: Mail-Proxy

2001-01-05 Thread James Raftery

On Fri, Jan 05, 2001 at 09:58:32AM -0500, Marc Knoop wrote:
> And what is the format for using an IP address instead of the name of
> the exchange server?  caibon.com:[1.2.3.4]?

Yep.

james
-- 
James Raftery (JBR54)
  "Managing 4000 customer domains with BIND has been a lot like
   herding cats." - Mike Batchelor, on [EMAIL PROTECTED]



Re: Mail-Proxy

2001-01-05 Thread Ould

Please, I'm also interested in your answer.

1) Is it possible under the configuration mentioned, if my
web site is installed on "mail proxy", and I want to use
webmail (like IMP/Horde) to send or get your messages using
the web site from anywhere? My Maildir is on the mail exchanger in
the Lan. You want to use IMAP and not POP3 for that
purpose. I configure my firewall to accept smtp, pop3,
imap between the two machines.

> > I'm planning to use a Linux box as what I would call a mail proxy. It
> > should receive mail for our domain (caibon.com) from the internet and
> > forward it to our MS Exchange Server, which is located behind the firewall
> > due to security reasons.
> > It should also receive mail from the intranet and forward it to the
> > internet. I think I already found out how to fix this second part, but I'm
> > still having problems with the first.
>
> Nothing easier than that:
>
> echo caibon.com >> /var/qmail/control/rcpthosts
> echo caibon.com:exchangeserverhostname >> /var/qmail/control/smtproutes
>
> Note: do NOT put caibon.com in locals.

Can you give an example of the content of each control file
and for each machine?

I think that there is a big lack of an explicit DOC with
EXAMPLES of what each control file of the two machines must
be.
I am beginning to write a detailed DOC on this subject that I
will render accessible to everyone. But still had a doubt
on certain control file contents.

Thanks to Greg, Dave among many others who are helping me to
fix this relatively new secure mail architecture.




Re: Mail-Proxy

2001-01-05 Thread Henning Brauer

On Friday, 5 January 2001 20:43, Ould wrote:
> Please, I'm also interested in your answer.
>
> 1) Is it possible under the configuration mentioned, if my
> web site is installed on "mail proxy", and I want to use
> webmail (like IMP/Horde) to send or get your messages using
> the web site from anywhere? My Maildir is on the mail exchanger in
> the Lan. You want to use IMAP and not POP3 for that
> purpose. I configure my firewall to accept smtp, pop3,
> imap between the two machines.

If your webmail software uses IMAP to access the maildirs, it can run 
anywhere as long as it can reach the server where the mail is stored via 
IMAP. Note that the qmail installation in the case mentioned below is only a 
forwarder, there's not a single mail stored, in this case you'll need IMAP 
access to the exchange shit.

> Can You give an example of the content of each control file
> and for each machine?

??? on the mail-"proxy" you need as always "me" - and the lines above. that's 
all. the actual mailserver needs a qmail installation as usual, except 

echo ":yourmailproxieshostname" > smtproutes

to forward all mails to your mail-"proxy".

> I think that there is a big lack of an explicit DOC with
> EXAMPLES of what each control file of the two machines must
> be.

hmmm. when i started with qmail long time ago i had no problem with the 
existing documentation.

> I am beginning to write a detailed DOC on this subject that I
> will render accessible to everyone. But still had a doubt
> on certain control file contents.

I'm not sure if this is needed - but as qmail seems to be used by less 
experienced admins more and more it may be of help.

> Thanks to Greg, Dave among many others who are helping me to
> fix this relatively new secure mail architecture.

hmmm... relatively new... relative to the IBM PC it is new ;-))

-- 

Henning Brauer |  BS Web Services
Hostmaster BSWS|  Roedingsmarkt 14
[EMAIL PROTECTED] |  20459 Hamburg
www.bsws.de|  Germany



Re: Mail-Proxy

2001-01-05 Thread Marc Knoop

On Fri, Jan 05, 2001 at 11:43:11AM -0800, Ould wrote:
> 
> 1) Is it possible under the configuration mentioned, if my
> web site is installed on "mail proxy", and I want to use
> webmail (like IMP/Horde) to send or get your messages using
> the web site from anywhere?

Well, in the mentioned configuration there wouldn't be any mail on "mail proxy".  As 
soon as it receives a message, it is passed on to either the EX server or the 
Internet.  It'd essentially play 'hot potato' with incoming/outgoing mail.

If you're thinking about web access to the EX server, why not use the one that comes 
with it?  Then you don't have to muck around with configuring IMAP on the EX server 
(one less thing to go wrong).

../mk



Re: Mail-Proxy

2001-01-05 Thread Ould

Thank you Henning for reply.

In my research to put architecture
like this:

Internet--Router--Firewall--DMZ--Firewall--Lan
                             |              |
                        Qmail Relay     Qmail Lan

I never found an explicit DOC telling me: put in your me,
rcpthosts, locals, ... files of Qmail Relay blah, blah...,
and in those of your Qmail Lan blah, blah,..., ET VOILA!
and don't post to the mailing list a lot of mails dealing
with this idea ;)
I think that any beginner strongly needs DOCs like this and
not getting a part of the solution to his problem sometimes from
you, Dave, Greg, and so on. But I never found a detailed
DOC which does that. So, my goal is to make it available in
the future. I had experienced several frustrations even
with qmail installation, and want newbies to avoid going
"dans tous les sens"! Are you ready?

About the architecture, I think that I'm true. I read
recently several articles by consultants in security,
architects,... about this subject (i.e. putting smtp relay
in DMZ and real mail server in the Lan, and the appropriate
related firewall configuration). This is not so old or
frequent an architecture as the IBM PC! Particularly with an MTA
like qmail.
Another example: have you already seen a DOC talking
about how to set up web based mail using qmail with the
famous IMP/Horde webmail whatever the location of your
web site (on the Relay or the Lan servers)? If you know it
please inform me.

Anyway I'm still looking for a complete list of control
files from you :-(

Cheers




Re: Mail-Proxy

2001-01-06 Thread Henning Brauer

On Saturday, 6 January 2001 04:06, Ould wrote:
> Thank you Henning for reply.
>
> In my research to put architecture
> like this:
>
> Internet--Router--Firewall--DMZ--Firewall--Lan
>                              |              |
>                         Qmail Relay     Qmail Lan
>
> I never found an explicit DOC telling me: put in your me,
> rcpthosts, locals, ... files of Qmail Relay blah, blah...,
> and in those of your Qmail Lan blah, blah,..., ET VOILA!
> and don't post to the mailing list a lot of mails dealing
> with this idea ;)
> I think that any beginner strongly needs DOCs like this and
> not getting a part of the solution to his problem sometimes from
> you, Dave, Greg, and so on. But I never found a detailed
> DOC which does that. So, my goal is to make it available in
> the future. I had experienced several frustrations even
> with qmail installation, and want newbies to avoid going
> "dans tous les sens"! Are you ready?

As I've written: an experienced unix administrator won't have problems 
setting this up without an explicit documentation IMHO, but it looks like 
there are more and more people switching to unix and qmail at the same time (or 
let's say: trying to get qmail running without much unix knowledge and mail in 
general). Especially for those this could be a good help, so go on writing.

> About the architecture, I think that I'm true. I read
> recently several articles by consultants in security,
> architects,... about this subject (i.e. putting smtp relay
> in DMZ and real mail server in the Lan, and the appropriate
> related firewall configuration).

This is a common architecture. Not suitable for us as we are an ISP, but 
common and IMHO good.

> This is not so older or
> frequent architecture as the IBM PC! Particularly with MTA
> like qmail.

I just wouldn't call qmail new - the newest version is 1.03, 
qmail-1.03.tar.gz is dated June 1998. It is anyway modern ;-))

> Another example: have you already seen a DOC talking
> about how to set up web based mail using qmail with the
> famous IMP/Horde webmail whatever the location of your
> web site (on the Relay or the Lan servers)? If you know it
> please inform me.

Yes. Read the documentation for courier-imap and the documentation for IMP ;-))
I prefer sqwebmail anyway.

> Anyway I'm still looking for a complete list of control
> files from you :-(

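---setup-qmail-proxy.sh---
#!/bin/sh
# Write the qmail control files for a forward-only relay ("mail proxy").

if [ $# -ne 2 ]; then
  echo "usage: $0 domain lanservershostname" >&2
  exit 1
fi

# me: this host's own name
hostname > /var/qmail/control/me
# rcpthosts: the only domain accepted from outside
echo "$1" > /var/qmail/control/rcpthosts
# smtproutes: hand mail for that domain to the LAN server
echo "$1:$2" > /var/qmail/control/smtproutes
--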

(not tested, but should be complete)


> Do You Yahoo!?

No.

-- 

Henning Brauer |  BS Web Services
Hostmaster BSWS|  Roedingsmarkt 14
[EMAIL PROTECTED] |  20459 Hamburg
www.bsws.de|  Germany
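
An added example, not part of any poster's message and not qmail's own code: a shell check of a relay's control directory against the advice in this thread (domain in rcpthosts, not in locals, routed by smtproutes). The function names, the host relay.example.net and the temporary directory are assumptions of this sketch; morercpthosts is not read.

```shell
#!/bin/sh
# Added example: audit a qmail control directory for the forward-only relay
# setup from this thread. Function names and messages are hypothetical.

# route_for DIR HOST: print the relay that smtproutes selects for HOST. Keys are
# tried as qmail-remote does: full name, each ".suffix", then the empty default.
route_for() {
  key=$2
  while :; do
    awk -F: -v k="$key" 'index($0, ":") && tolower($1) == tolower(k) {
        print substr($0, length($1) + 2); found = 1; exit }
      END { exit !found }' "$1/smtproutes" 2>/dev/null && return 0
    [ -n "$key" ] || return 1
    rest=${key#.}
    case $rest in
      *.*) key=.${rest#*.} ;;   # next shorter ".suffix"
      *)   key= ;;              # last try: the default route
    esac
  done
}

# audit_relay DIR DOMAIN: print findings; exit status is the number of problems.
audit_relay() {
  dir=$1 domain=$2 problems=0
  problem() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

  [ -s "$dir/me" ] || problem "me is missing or empty"
  if [ ! -f "$dir/rcpthosts" ]; then
    problem "no rcpthosts: qmail-smtpd accepts mail for any domain (open relay)"
  elif ! grep -qixF "$domain" "$dir/rcpthosts"; then
    problem "$domain not in rcpthosts: qmail-smtpd refuses mail for it"
  fi
  if [ -f "$dir/locals" ] && grep -qixF "$domain" "$dir/locals"; then
    problem "$domain is in locals: mail is delivered on the relay, not forwarded"
  fi
  relay=$(route_for "$dir" "$domain") || relay=
  if [ -n "$relay" ]; then
    echo "OK: $domain is routed to $relay"
  else
    problem "no smtproutes relay for $domain: delivery falls back to MX lookup"
  fi
  return "$problems"
}

# Constructed sample: the three files the script above writes.
demo=$(mktemp -d)
echo relay.example.net > "$demo/me"
echo caibon.com > "$demo/rcpthosts"
echo "caibon.com:[1.2.3.4]" > "$demo/smtproutes"
audit_relay "$demo" caibon.com || true
rm -rf "$demo"
```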



RE: Mail-Proxy

2001-01-09 Thread Redak, Dorian

Sorry for the late reply and thanks a lot to all of you.
My Exchange Server f.. (sorry) up a lot of messages in the past few days,
so I couldn't find your answers.

Me as a not so experienced but very convinced unix admin would really
appreciate a documentation like this. It's not only that some admins are too
inexperienced, sometimes it's also a question of time.

cheers Dorian




Mail-Proxy. Ould have you write the mini-howto?

2001-07-28 Thread Alejandro Fernandez

I read the January thread about Ould wanting to write a mini-howto about how
to configure qmail to act as a mail-proxy.

Ould, I wonder if you wrote this howto or if anybody did.

If so, please let me know.

Cordially
Alejandro





Re: Mail-Proxy. Ould have you write the mini-howto?

2001-07-30 Thread Karsten W. Rohrbach

Alejandro Fernandez([EMAIL PROTECTED])@2001.07.28 21:46:59 +:
> I read the January thread about Ould wanting to write a mini-howto about how
> to configure qmail to act as a mail-proxy.
> 
> Ould, I wonder if you wrote this howto or if anybody did.

- install qmail
- put system's hostname in 'me'
- put the domains you accept inbound mail for in
  'rcpthosts'/'morercpthosts'
- put local system name in 'smtproutes' without right side:
    my.box.com:
- put the target host ip (speak: exchange server) in 'smtproutes'
  without left side:
    :1.2.3.4
- put the intranet mailserver in smtpd tcpserver control file:
    1.2.3.4:allow,RELAYCLIENT=""
- fire up qmail and smtpd

files in '' are in /var/qmail/control

did i miss anything?

/k

> 
> If so, please let me know.
> 
> Cordially
> Alejandro
> 

-- 
> UNiX *IS* user friendly. It's just selective about who it's friends are.
KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie
http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.net/
karsten&rohrbach.de -- alpha&ngenn.net -- alpha&scene.org -- [EMAIL PROTECTED]
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE  DF22 3340 4F4E 2964 BF46
Please do not remove my address from To: and Cc: fields in mailing lists. 10x
