Re: Exim and SMTP on an internet gateway
On Fri, Nov 01, 2002 at 10:03:08AM +0100, David Knudsen wrote:
> I've been reading some docs and googled for answers, but still need help
> setting up exim (or another MTA, suggestions?) on our internet gateway.
> SHORT VERSION
> I want exim to accept inbound SMTP for our domain from the internet, and
> forward it to our internal mail server.
> I want exim to accept outgoing SMTP from our domain, and forward it to the
> ISP smarthost.
> Later I want to plug anti-virus and anti-spam tools into exim, to prevent
> unwanted emails from being sent or received. That is a question for another
> day, though.
> TECHNICAL DETAILS
> We have a simple local network, in the 10.0.0.0/24 address range that is
> standard for Microsoft Small Business Server networks.
> The server (server2.ourdomain.no) at 10.0.0.2 is running MS Exchange, which
> is our main mailserver.
> The gateway (gator.ourdomain.no, running Debian/stable) at 10.0.0.1 is
> running iptables and masquerading, as well as some proxies. The second NIC
> has a permanent, public IP and is connected to the DSL-router that provides
> our internet connection.
> All outgoing mail is sent via the smarthost provided by our ISP.
> It seems easy enough to make exim accept all mail for ourdomain and forward
> outgoing mail to the ISP smarthost. However, local delivery of mail to
> ourdomain is not what I need ... I want _that_ mail forwarded to 10.0.0.2.
> Surely, this must be a common situation? Could someone please help me
> configure exim to do this, or point me at the right docs. Unfortunately,
> the docs at www.exim.org didn't mention this scenario. I'm sure that I
> could do this if I fully understood the exim docs, but alas - I have not
> fully digested them yet.
I have done this many places, and am doing exactly this here at BNL.
The machine smtpgw.bnl.gov is publicly advertised as a 'wildcard' MX
host for all BNL machines, meaning, all mail gets delivered to this
machine, when inbound to our facility. However, none of those machines
or subdomains are listed in the local_domains line in exim.conf. So,
this machine will take delivery as the MX host, look at each email,
say, "nope, this isn't mine" and try to deliver to the real machine.
Now, we have a split-dns setup, so the hosts/IPs seen outside our
firewall don't actually point to the real machines in most cases,
and the SMTP gateway uses our internal DNS, so knows how to deliver
mail properly. Without split DNS, you can do this with creative use
of /etc/hosts (I think) but DNS/MX would do the job for you.
Tim Sailer <email@example.com>
Information Technology Division
Brookhaven National Laboratory (631) 344-3001
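The gateway setup asked about above (accept inbound mail for the domain and hand it to the internal Exchange box, relay LAN-originated mail through the ISP smarthost), written out as an added configuration example; it is not from the thread or from any BNL setup. It assumes Exim 4 syntax (the reply's local_domains line is Exim 3 vintage), the hostnames from the question, and a placeholder smarthost name.

```exim
# Added example, Exim 4 syntax (assumption; Debian stable of 2002 shipped Exim 3).
# Only the gateway itself is "local"; ourdomain.no is deliberately NOT local,
# so mail for it is routed onward instead of being delivered on gator.
domainlist local_domains    = gator.ourdomain.no : localhost
domainlist relay_to_domains = ourdomain.no
hostlist   relay_from_hosts = 127.0.0.1 : 10.0.0.0/24

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Outbound: only hosts on the LAN may relay to arbitrary domains.
  accept  hosts   = +relay_from_hosts
  # Inbound from the internet: accept only our own domains, nothing else
  # (this is what keeps the gateway from being an open relay).
  accept  domains = +local_domains
  accept  domains = +relay_to_domains
  deny    message = relay not permitted

begin routers

# Inbound: anything for ourdomain.no goes straight to the Exchange server
# at 10.0.0.2 (address from the question); no DNS/MX lookup is needed.
internal_exchange:
  driver     = manualroute
  domains    = +relay_to_domains
  transport  = remote_smtp
  route_list = * 10.0.0.2

# Outbound: everything not local is handed to the ISP smarthost.
# smarthost.isp.example is a placeholder; substitute the ISP's real host.
isp_smarthost:
  driver     = manualroute
  domains    = ! +local_domains
  transport  = remote_smtp
  route_list = * smarthost.isp.example
  no_more

begin transports

remote_smtp:
  driver = smtp
```

Router order matters: the internal_exchange router must come before isp_smarthost, otherwise mail for ourdomain.no would leave for the ISP and bounce back in through the MX.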