Here's something that might make it easier on everybody if you have
control of the mailserver/firewall.

Consider this rule:-
/sbin/iptables -t nat -A PREROUTING \
               -i $LAN_IF -p tcp \
               --dport 25 \
               ! -d 192.168.0.0/16 \
               -j REDIRECT --to-ports 25

The second last line probably isn't needed, except if you terminate a
bunch of VPNs. I.e. don't do the NAT if it's going from one of your LANs
to another of your LANs.

Essentially what happens here is the firewall traps any outgoing SMTP
traffic and redirects it to its local MTA which presumably allows hosts
on the LAN to use it as a smart host (i.e. permits relaying).

So how's this work? Well, whatever IP, hostname or whatever is looked up by
the sending mail client (or its local MTA even) it ends up going via the
firewall's MTA regardless. The firewall's MTA then uses whatever site
policy is appropriate AND because it's receiving the message then relaying
it the HELO/EHLO handshake will be correct. This also ensures that all
emails from the site are logged - even if some nasty virus thingy managed
to send it.

On Wed, August 9, 2006 11:58 am, Peter Miller wrote:
> On Wed, 2006-08-09 at 11:22 +1000, Jobst Schmalenbach wrote:
>> On Wed, Aug 09, 2006 at 08:14:40AM +1000, Peter Miller
>> ([EMAIL PROTECTED]) wrote:
>> > Is there any elegant way to have a laptop DHCP client have its sendmail
>> > configured properly?  In all the cases I have to deal with, my laptop is
>> > a DHCP client is behind a NAT firewall.
>>
>> in sendmail.mc:
>>
>>   define(`SMART_HOST',`YOUR_ISP_UPSTREAM_MAILSERVER')
>>
>> then do a make in /etc/mail and restart sendmail
>
> I'm not getting it, this morning.
>
> In my case, the value of YOUR_ISP_UPSTREAM_MAILSERVER depends on which
> firewall I'm behind, since all the ISPs in question gate client
> connections as being from their own customers' IP addresses, not the
> whole Internet.  So one size definitely doesn't fit all.
>
> Are you suggesting I need to edit sendmail.mc every time I boot the
> machine?  Is there a way to automagically have the DHCP client daemon
> run a script to do it, instead?  Has this already been done, in a Debian
> package?  How does the script get the right value for
> YOUR_ISP_UPSTREAM_MAILSERVER from the DHCP server?
>
>
> --
> Regards
> Peter Miller <[EMAIL PROTECTED]>
> /\/\*        http://www.canb.auug.org.au/~millerp/
>
> PGP public key ID: 1024D/D0EDB64D
> fingerprint = AD0A C5DF C426 4F03 5D53  2BDB 18D8 A4E2 D0ED B64D
> See http://www.keyserver.net or any PGP keyserver for public key.
> --
> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


-- 
---<GRiP>---
Electronic Hobbyist, Former Arcadia BBS nut, Occasional nudist, Linux
Guru, SLUG President, AUUG and Linux Australia member, Sydney
Flashmobber, Tenpin Bowler, BMX rider, Walker, Raver & rave music lover,
Big kid that refuses to grow up. I'd make a good family pet, take me home
today!

Some people actually read these things it seems.
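
A check for the redirect rule described in the message above, as an added example that is not part of the original email: it parses `iptables-save` output and reports whether a given connection would be redirected to the firewall's local MTA. The sample ruleset, the interface name eth1 (standing in for $LAN_IF) and the function names are assumptions.

```python
import ipaddress
import shlex

# Constructed sample of `iptables-save -t nat` output; eth1 stands in for $LAN_IF.
SAMPLE_SAVE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING ! -d 192.168.0.0/16 -i eth1 -p tcp -m tcp --dport 25 -j REDIRECT --to-ports 25
COMMIT
"""

# Options this check understands; each takes exactly one argument.
# Assumes single ports (no ranges) in --dport and --to-ports.
OPTS = {"-i": "iface", "-p": "proto", "-d": "dst",
        "--dport": "dport", "--to-ports": "to_port"}

def parse_redirects(save_text):
    """Return PREROUTING REDIRECT rules as dicts of the fields matched on."""
    rules = []
    for line in save_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "PREROUTING"] or "REDIRECT" not in tok:
            continue
        rule = dict.fromkeys(OPTS.values())
        rule["dst_negated"] = False
        negate, it = False, iter(tok[2:])
        for t in it:
            if t == "!":                     # negation applies to the next option
                negate = True
                continue
            if t in OPTS:
                key, val = OPTS[t], next(it)
                if key == "dst":
                    rule["dst"] = ipaddress.ip_network(val, strict=False)
                    rule["dst_negated"] = negate
                else:
                    rule[key] = int(val) if key in ("dport", "to_port") else val
            negate = False
        rules.append(rule)
    return rules

def is_redirected(rules, iface, dst_ip, dport=25):
    """Return the local port a TCP connection is redirected to, or None."""
    dst = ipaddress.ip_address(dst_ip)
    for r in rules:
        if r["iface"] not in (None, iface) or r["proto"] not in (None, "tcp"):
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        if r["dst"] is not None and (dst in r["dst"]) == r["dst_negated"]:
            continue                         # destination test failed (LAN-to-LAN exemption)
        return r["to_port"] or dport
    return None
```

On a live firewall, pass the output of `iptables-save -t nat` in place of `SAMPLE_SAVE`.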

