Re: Secure Delivery between MTA and MDA

To: Debian-ISP <debian-isp@lists.debian.org>
Subject: Re: Secure Delivery between MTA and MDA
From: Theodore Knab <tjk@annapolislinux.org>
Date: Fri, 15 Oct 2004 10:53:12 -0400
Message-id: <[🔎] 20041015145312.GB9542@annapolislinux.org>
In-reply-to: <[🔎] 416EFBC1.4000801@orcon.net.nz>
References: <[🔎] 416EFBC1.4000801@orcon.net.nz>

Just setup Postfix as an MTA on your MDA server with TLS enabled.

This may seem complicated, however it can be fairly simple.

You can have all email scanned/relayed through a gateway mail-server.

The internal MTA can be firewalled to prevent other connections from using it.

Additionally only dns and trasport modifcatinion need to be messed with, I think.

Here is a working example :)

MX record:

imap2:/var/imap# host -t mx someplace.com     
--------------------------------
someplace.com            MX      3 ruby.someplace.com
someplace.com            MX      2 espresso.someplace.com

Internal MDA runs postfix as a MTA:
--------------------------------

imap2:cat /etc/postfix/transport
--------------------------------
imap.someplace.com  local:[imap.someplace.com]
someplace.com       local:[imap.someplace.com]
*  :[smtp.someplace.com] 

External MTA runs Postfix also:
--------------------------------
cat /etc/postf/transport
someplace.com         smtp:[imap.someplace.com]
imap.someplace.com    smtp:[imap.someplace.com]


* Note, you could also use NFS, but email messages might be lost if the connection is lost.

On 15/10/04 11:20 +1300, Simon Buchanan wrote:
> We are setting up mail services to service a small ISP (-2000 Mail 
> boxes) using postfix and DBmail, which we have configured and working 
> well. The MTA (postfix with spam/virus) sits on a pairing exchange 
> (along with a web server)... we are connected to the Internet from the 
> pairing exchange via a 100Mbit connection. From the exchange to our NOC 
> is a 5Mbit pipe. The MDA (postfix/DBMail) sits in off our NOC.
> 
> What i want to do is setup some sort of secure transfer between the MTA 
> and MDA. In theory the only traffic that is comming into the MDA is 
> correctly filtered mail.. Outgoing is a different story and not an issue 
> here.
> 
> The MDA is sitting in its own DMZ behind a Borderware firewall.
> 
> Suggesions for/against/other are welcome (please!)....
> 
> Regards,
> 
> Simon
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact 
> listmaster@lists.debian.org
> 

-- 
------------------------------------------
Ted Knab
Chester, Maryland  21619 USA
------------------------------------------
The perception of knowledge is an egotistical farce in which
primates extrapolate an understanding of human existance.
Existance itself is transient state that passes upon death. Like
material gain, the knowledge gained in life is completely useless
at the time of death. Not even the knowlege of death itself will save you.
Thus, enjoy your transient existance for death is believed to be 
hastily approaching.
        -- an unknown smartass

Reply to:

References:
- Secure Delivery between MTA and MDA
  - From: Simon Buchanan <nmc@orcon.net.nz>

Prev by Date: Re: why multicasting is working?
Next by Date: Re: why multicasting is working?
Previous by thread: Re: Secure Delivery between MTA and MDA
Next by thread: why multicasting is working?
Index(es):
- Date
- Thread