Re: issues with redirecting SMTP

On Tue, Sep 26, 2000 at 05:10:09PM -0400, Paul Reavis wrote:
> perimeter network behind the firewall, and since I was using redir to
> redirect SMTP to it through the firewall from outside, the MTA was doing
> all its checking against the IP address of the firewall, not the outside

Did you run redir in transparent mode? I never set up a system using the
newer versions of redir, but I think it should be able to do that.

> It also makes me wonder what other services would suffer. I do use tcpd
> to wrap the redir command, so at least some protection is there, but if
> daemons on the perimeter box (which supplies www, ftp, and smtp) always
> think packets are coming from the firewall then they can't perform
> protocol-specific validation that depends on the origin IP address.

Right. That's why you should use transparency whenever possible. As for ftp
I'd recommend using a proxy anyway.

> 1) should I be using a forward-only SMTP server at the firewall, rather
> than port forwarding?

That in fact is what I used to do most of the time, because redir wasn't
doing more than pure redirection at that time. Well, I still do this mostly
as many customers have M$ Exchange as an MTA and I don't want this to be
accessible from the internet, not even on port 25.
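
The effect discussed in this thread, as an added Python example that is not part of the original message or of redir: a source-IP relay policy evaluated once behind a plain redirector and once behind a transparent one. All addresses, domains, function names and the policy itself are constructed assumptions, including the assumption that the firewall's perimeter address falls inside the MTA's trusted range.

```python
import ipaddress

# Constructed values (documentation ranges), not taken from the thread.
FIREWALL_IP = "192.0.2.1"          # firewall's address on the perimeter network
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # peers allowed to relay
LOCAL_DOMAINS = {"example.org"}    # domains the MTA accepts mail for


def peer_seen_by_mta(client_ip, transparent):
    """Source address the MTA sees once the connection crosses the redirector."""
    # A plain redirector opens its own connection to the MTA, so the peer
    # address is the firewall. A transparent one preserves the client address.
    return client_ip if transparent else FIREWALL_IP


def relay_decision(peer_ip, rcpt_domain):
    """Hypothetical source-IP policy: trusted peers may relay anywhere,
    everyone else may only deliver to local domains."""
    addr = ipaddress.ip_address(peer_ip)
    if any(addr in net for net in TRUSTED_NETS):
        return "relay"
    if rcpt_domain.lower() in LOCAL_DOMAINS:
        return "deliver"
    return "reject"


def evaluate(client_ip, rcpt_domain, transparent):
    """Decision the MTA reaches for an outside client in either redirect mode."""
    return relay_decision(peer_seen_by_mta(client_ip, transparent), rcpt_domain)


if __name__ == "__main__":
    outside = "203.0.113.50"   # constructed external client
    for transparent in (False, True):
        for rcpt in ("example.org", "elsewhere.example"):
            print(f"transparent={transparent!s:5} rcpt={rcpt:18} ->",
                  evaluate(outside, rcpt, transparent))
```

Without transparency every outside client is judged as the firewall, so the origin check that should reject third-party relaying never sees the real address.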

