Re: CAll for standard bastion smtp: ssmtp

	Henry Hollenberg     speed@barney.iamerica.net 

On Tue, 3 Mar 1998, Hubert Weikert wrote:

> On Tue, 3 Mar 1998, Tommi Virtanen wrote:
> > 	I thought ssmtp is only for local -> smarthost? Certainly this
> > 	would do no good for mail routing.
> Exactly this is true. It is simple mail-forwarder.
> It is only usable on a bastion if the bastion does not deliver mail.
> For sending messages from the bastion to inside it could be the best
> choice.
> > 	I personally would opt for qmail on the firewall. I know it's not
> > 	freely distributable, but it's the best. Please remember to keep
> > 	an option open for the local sysadmin to change things like this if
> > 	he so wishes.
> A MTA is only one block of debwall. Some different packages with different
> functionalities should fit in this place.

>From what I understand the bastion will recieve all mail for the
network/firewall....then immediately forward the mail to a mail hub
residing on a host on the internal (protected) network.  This system will
then distribute the mail to all the internal hosts.

There should be no need to hold and read mail on the bastion or on packet
filter A or B.

In light of this dynamic....could not ssmtp handle simply forwarding all
mail to one system?

Firewall Architecture = screened subnet:

inet pipeline50 -- paket filter A -----hub------ paket filter B - LAN   .2	       .3      .5     |
                                                      mail_hub ----+ 
                                                      smail vs.
                                                      qmail vs.
                                                   sendmail vs.

Could set up a TIS ftk type setup on the internal mail hub as extra
protection also.

