
Re: Exim and SMTP on an internet gateway


Tim Sailer wrote:

Now, we have a split-dns setup, so the hosts/IPs seen outside our
firewall don't actually point to the real machines in most cases,
and the SMTP gateway uses our internal DNS, so knows how to deliver
mail properly. Without split DNS, you can do this with creative use
of /etc/hosts (I think) but DNS/MX would do the job for you.

WARNING! If you go that way without further bastioning, you will create an open relay - and thus be blackholed faster than you could imagine.
Make sure that mail is ONLY accepted if it (exclusively) either
	1.) comes from LAN and goes out
	2.) comes from outside and goes to LAN

Usually MTAs look at MX records for mail delivery, so you won't be able to use /etc/hosts for fudging - that file can only do A/PTR entries (DNS-wise speaking).


Volker Tanger
IT-Security Consulting

discon gmbh
Wrangelstraße 100
D-10997 Berlin

fon    +49 30 6104-3307
fax    +49 30 6104-3461
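
The two acceptance rules from the message above, modelled as a relay decision per SMTP client and recipient. This is an added example, not part of the original message and not Exim configuration; the LAN ranges, domain names and function names are assumptions chosen for illustration.

```python
import ipaddress

# Assumed values for illustration (not from the original message).
LAN_NETS = [ipaddress.ip_network("192.168.0.0/16"),
            ipaddress.ip_network("10.0.0.0/8")]
LOCAL_DOMAINS = {"example.com", "example.internal"}


def from_lan(client_ip):
    """True if the connecting SMTP client sits inside the LAN ranges."""
    ip = ipaddress.ip_address(client_ip)
    # A dual-stack listener may report IPv4 peers as ::ffff:a.b.c.d.
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return any(ip in net for net in LAN_NETS)


def rcpt_domain(rcpt):
    """Lower-cased domain of a RCPT TO address, or None if unqualified."""
    _local, sep, domain = rcpt.strip("<>").rpartition("@")
    return domain.lower().rstrip(".") if sep and domain else None


def relay_decision(client_ip, rcpt):
    domain = rcpt_domain(rcpt)
    if domain is None:
        return "reject"            # no domain: destination cannot be classified
    lan, local = from_lan(client_ip), domain in LOCAL_DOMAINS
    if lan and not local:
        return "accept"            # rule 1: comes from LAN and goes out
    if not lan and local:
        return "accept"            # rule 2: comes from outside and goes to LAN
    # outside -> outside is the open-relay case; LAN -> LAN matches
    # neither rule when the two rules are read strictly as written.
    return "reject"


# Constructed sample transactions: (client IP, RCPT TO address).
SAMPLES = [
    ("192.168.1.10", "bob@elsewhere.example"),
    ("203.0.113.5", "<Alice@EXAMPLE.COM>"),
    ("203.0.113.5", "bob@elsewhere.example"),
    ("::ffff:192.168.1.10", "bob@elsewhere.example"),
]

if __name__ == "__main__":
    for ip, rcpt in SAMPLES:
        print(f"{ip:22} {rcpt:26} {relay_decision(ip, rcpt)}")
```
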

