Subject: Re: Is this possible with postfix?
From: Ari Gordon-Schlosberg (regs@nebcorp.com)
Date: Fri Mar 03 2000 - 16:57:04 CST


[Wietse Venema <wietse@porcupine.org>]
> > Hm, if I am not mistaken, with MX record pointing to external host,
> > the flow of traffic will be as follows:
> >
> >
> >               +--------+     +----------+         +----------+
> > Internet ---->| Public |---->| Internal |-------> | Internal |
> >          <----| SMTP   |<----| SMTP     | ------  | Client   |
> >               +--------+     +----------+      |  +----------+
> >                   ^                            |
> >                   |____________________________|
>
> That depends on how internal clients are set up. If you have a
> router between external and internal host, then you can prevent
> internal hosts from going to the external machine.
>
> In order to make this work smoothly you use a split DNS setup.
>
> - The internal host runs the internal DNS with an MX record that
> points to the internal host, and forwards other queries to the name
> server on the external host which talks to the internet.
>
> - The external host runs the external DNS with an MX record that
> points to the external host. The external host may have a resolv.conf
> file that points to the internal machine, in which case you can
> avoid the use of a transport table in the example above.
>
> This is a standard example in firewalls books.

Isn't this getting a little too complex? The internal client should never
bypass its assigned SMTP host just because the MX record points to another
machine. That's the job of the SMTP host to handle, no? E.g., replace
"Internal Client" with "Outlook Express" and set its SMTP server to be "Internal
SMTP" in its config. It shouldn't matter where the mail is going; all outgoing
mail from Outlook Express will go through Internal SMTP.

Or is there some extra voodoo to MX records that I'm not aware of? Seems
to me that while split DNS is needed for other reasons, it's not important
in terms of the mail setup.

-- 
Ari							there is no spoon
-------------------------------------------------------------------------
http://www.nebcorp.com/~regs/pgp for PGP public key
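An added illustration of the split-DNS setup Wietse describes above, so the two
positions in the thread can be compared side by side. This is not from the
thread and not Postfix's own documentation; the domain, hostnames, addresses
and file paths are made up for the example. The internal DNS view points the
MX at the internal relay and forwards every other query to the gateway's
resolver; the external view points the MX at the gateway; the gateway's Postfix
is told where example.com mail goes with a transport entry; and the internal
Postfix hands all outbound mail to the gateway, which is the same "fixed SMTP
server" behaviour Ari describes for the client.

```text
;; --- Internal name server: example.com zone as seen by inside hosts ---------
;; (hypothetical zone; 10.0.0.0/8 addresses are private and made up)
$ORIGIN example.com.
@            IN  MX   10  smtp-int.example.com.
smtp-int     IN  A    10.0.0.25        ; "Internal SMTP" in the diagram
smtp-ext     IN  A    10.0.0.1         ; gateway's inside address

;; named.conf on the internal server: anything not in the internal zone is
;; forwarded to the gateway's name server, which alone talks to the Internet.
options {
    forwarders { 10.0.0.1; };
    forward only;
};

;; --- External name server: example.com zone as seen by the Internet ---------
;; (192.0.2.0/24 is documentation address space, used here as the "public" IP)
$ORIGIN example.com.
@            IN  MX   10  smtp-ext.example.com.
smtp-ext     IN  A    192.0.2.1        ; "Public SMTP" in the diagram

# --- Postfix on the external gateway (smtp-ext) -----------------------------
# /etc/postfix/main.cf
relay_domains  = example.com
transport_maps = hash:/etc/postfix/transport

# /etc/postfix/transport  (run "postmap /etc/postfix/transport" after editing)
# Brackets suppress the MX lookup, so the gateway delivers straight to the
# internal relay even though its own resolver only sees the external zone.
example.com    smtp:[10.0.0.25]

# --- Postfix on the internal relay (smtp-int) -------------------------------
# /etc/postfix/main.cf
# Everything not local is handed to the gateway; the MX record is never
# consulted for outbound mail, which is the point Ari makes above.
mydestination = example.com, smtp-int.example.com, localhost
relayhost     = [10.0.0.1]

# --- Router / firewall between the two networks (pseudo-rule, not a real
# --- syntax): only the internal relay may reach the gateway on port 25.
# allow  10.0.0.25      -> 192.0.2.1 tcp/25
# deny   10.0.0.0/8     -> 192.0.2.1 tcp/25
```

If the gateway's resolv.conf instead names the internal DNS server (10.0.0.1
forwarding to the internal view, or the internal server directly), an MX query
for example.com from the gateway returns smtp-int and the transport entry can be
dropped, which is the variant Wietse mentions. The firewall rule is what makes
the loop drawn in the quoted diagram impossible for a misconfigured client: a
desktop that ignores its assigned SMTP server and follows the public MX record
is simply refused on port 25 at the gateway.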