Re: Exim and SMTP on an internet gateway

To: Tim Sailer <sailer@bnl.gov>
Cc: David Knudsen <dknudse@online.no>, debian-firewall@lists.debian.org, debian-user@lists.debian.org
Subject: Re: Exim and SMTP on an internet gateway
From: Volker Tanger <volker.tanger@discon.de>
Date: Fri, 01 Nov 2002 16:30:53 +0100
Message-id: <[🔎] 3DC29E2D.8010209@discon.de>
References: <[🔎] 20021101090308.GA8397@online.no> <[🔎] 20021101145802.GA3149@bnl.gov>

Greetings!

Tim Sailer wrote:


Now, we have a split-dns setup, so the hosts/IPs seen outside our
firewall don't actually point to the real machines in most cases,
and the SMTP gateway uses our internal DNS, so knows how to deliver
mail properly. Without split DNS, you can do this with creative use
of /etc/hosts (I think) but DNS/MX would do the job for you.

WARNING! If you go that way without further bastioning, you will createan open relay - and thus be blackholed faster than you could imagine.

Make sure, that mail ONLY is accepted if it (exclusively) either
	1.) comes from LAN and goes out
	2.) comes from outside and goes to LAN

Usually MTAs look at MX records for mail delivery, so you won't be ableto use /etc/hosts for fudging - that file only can do A/PTR entries(DNS-wise speaking).


Bye

Volker Tanger
IT-Security Consulting

--
discon gmbh
Wrangelstraße 100
D-10997 Berlin

fon    +49 30 6104-3307
fax    +49 30 6104-3461

volker.tanger@discon.de
http://www.discon.de/

Reply to:

References:
- Exim and SMTP on an internet gateway
  - From: David Knudsen <dknudse@online.no>
- Re: Exim and SMTP on an internet gateway
  - From: Tim Sailer <sailer@bnl.gov>

Prev by Date: Re: Exim and SMTP on an internet gateway
Next by Date: Re: Mozilla/Konqueror + Kaffe JVM?
Previous by thread: Re: Exim and SMTP on an internet gateway
Next by thread: Re: Exim and SMTP on an internet gateway
Index(es):
- Date
- Thread