Message-ID: <362F773A.AB9F196B@tellique.de>
Date: Thu, 22 Oct 1998 20:19:38 +0200
From: Juergen Nickelsen
Organization: Tellique Kommunikationstechnik GmbH
To: Chad Thunberg
CC: freebsd-security@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
Subject: Re: firewall + internal mail server
References: <000501bdfdde$1f5f53b0$ef2376cc@tarn.atvideo.com>

Chad Thunberg wrote:

> I am setting up a firewall and enabled natd but have an internal
> mail server. Is there a way to still be able to access the internal
> mail server from the outside for sending and receiving email?
[...]
> I would rather not put the mail server outside of the firewall.

Sure. What about putting a mail server for incoming mail on the
firewall host itself?

In a similar setup, I wanted the "real" mail server to be inaccessible
from the outside at all, because it contains critical data (e-mail
being only part of it). I use the firewall host (running FreeBSD) as
the external mail server, but it only forwards the mail to the
internal mail server.(*)

The firewall also acts as FTP and WWW server, but since the mail
resides only for seconds on it, the risk is minimized. The internal
mail server is able to go outside through the firewall to deliver
mail.

(*) Time being a scarce resource, I do this at the moment with an
alias entry for each internal mail address on the firewall host
("ni: ni@picasso.tellique.de"), so I didn't have to change the
sendmail configuration from the default. As we are just a few people
here yet, this is bearable, but for a long-term solution I'll have to
work out a sendmail configuration where the mail exchanger for the
domain delivers the mail to a non-MX. I am sure there is a simple way,
but I don't know it yet.

Greetings, Juergen.

-- 
Juergen Nickelsen
Tellique Kommunikationstechnik GmbH
Gustav-Meyer-Allee 25, 13355 Berlin, Germany
Tel. +49 30 46307-552 / Fax +49 30 46307-579