From: Nathan Vidican
Reply-To: nathan@vidican.com
To: questions@freebsd.org
Date: Fri, 7 Jun 2002 18:26:28 -0400 (EDT)
Message-Id: <200206072226.g57MQSc98623@mail.ipsnetwork.net>
Subject: need a (less) elaborate, more economical solution (sendmail relaying control)

All right, here's the scenario:

We're running two machines to do the task one should be more than capable of handling. Personally I'd like to put them all on one machine, but not at the cost of large and painful configuration changes.

The first machine (which primarily acts as a mail and web server) currently controls who can send email beyond that of the inner office domain by use of the relay-domains feature for sendmail (only the IP addresses which can send out of the building are put into the table; since the domain is local to the machine, all other traffic is not relayed and thus goes through anyhow). The machine runs on two networks, the internal and the internet. All machines are currently statically configured, and DHCP is becoming more of a requirement than an option due to the constant moving/reconfiguring of internal nodes.

The second machine also resides on both networks, and runs squid and natd. The sole use of the machine is to route internet traffic for the office.
I'd like to dispose of this machine (currently a much older 486DX2 machine).

Both machines connect to a small workgroup hub, which in turn connects them to the router (Cisco box), and the router routes a small (/30) subnet to the two machines. We're looking to upgrade to an ADSL-based solution, and utilize a PC for the actual routing (as the older Cisco box is not modular and would be incapable of doing so).

1 - Update the mail server with some more powerful hardware, and update to newer software releases (FreeBSD, sendmail, apache, and mysql mostly).

2 - Run natd functions and squid from this same machine to the internal network and finally, route the remainder of a /29 subnet through to a third network (the small workgroup hub). The third network will be used for other machines which require a public IP address.

3 - Find another means by which to control the ability to relay through sendmail (which is not controlled by IP addressing). Ideally I'd like to force outgoing SMTP authentication, and allow or deny relaying based on username.

4 - Implement network-wide DHCP configurations to centralize the management of IP addresses, and implement a blanket firewall policy (as opposed to the current per-IP configuration, which btw is massive by the time it's done).

I know HOW to do most of what I mention, with the exception of the sendmail relaying configuration (mostly because I've never tried anything like it before). Just looking for feedback and general ideas or comments before I move on into something that could be accomplished more easily. In the end I need to be able to configure all machines via DHCP, allow or deny mail relaying by username, and last but not least: combine resources into one (faster) more dependable machine.

All comments/constructive criticism/suggestions/shared experiences/ideas welcome and appreciated; but please reply directly and CC the list (or vice versa), as I am no longer subscribed to the general list.

--
Nathan Vidican
Nathan@Vidican.com
http://Nathan.Vidican.com/