[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: exim & iptables



Hal wrote:

>I'm using Woody as a firewall with NAT to protect a small network that 
>includes a mail and web server on  an unregistered (192.168....) 
>network.  I'd like to configure the fw so that it can send mail alerts 
>to the users via the mail server on the protected net.  If I set 
>exim.conf to preclude all local machine delivery (i.e. force remote 
>delivery)

Why would you do that?  How do your local (intranet) users get their
mail?

> the messages don't get delivered (they are "frozen") since a 
>MX lookup by the firewall indicates that the firewall's registered 
>address is also the mail server's address.

Define the hosts (in Exim) on your local net as local.  For instance, my
local net is *.blues, and hosts etta, aretha, bessie, koko, and minnie
are host machines on that net.  Users' mail is sent to
koko/var/spool/mail/<username>, to be retrieved by each user.  I use
SSH, but you could also use POP3 or IMAP if you prefer.  If each host
has an MTA, you could deliver (push) to the appropriate host.

The delivery will never go to the firewall.  As I understand it, the FW
should maintain a separation between local and foreign nets.  It's not
supposed to let something in that comes from a local address.  After
all, it can't be local if it shows up on the outside trying to get in
:).

Please note that I'm not fluent in Exim nor FWs, but the general concept
should be correct, if not the detail.

>  The firewall rules include 
>a NAT rule for all smtp traffic to go to the internal server.
>
>Any suggestions on how to tell the firewall to send mail to the 
>internal mail server?  Is it an exim or firewall config issue?

Exim, I think.
-- 
gt          kk5st@sbcglobal.net
Oh, no!  Not ANOTHER security patch for IE!
They promised to stop at 4000.



Reply to: