Date: Mon, 6 Jan 2003 06:59:08 -0500
From: "Dennis Mathiasen" <dennis@deerfieldhosting.com>
To: <jonr@destar.net>
Cc: <freebsd-questions@FreeBSD.ORG>
Subject: RE: Internal mail server
Message-ID: <NFBBLPGAMKGJPAINGIJKKEHBECAA.dennis@deerfieldhosting.com>
In-Reply-To: <2811.192.168.1.1.1041815684.squirrel@www.destar.net>

jonr@destar.net Wrote:

> Thanks to all who have given me advice on this question. I hope most of
> you will be up at around 2:30am Alaska time as this is when I will
> probably run into my errors and questions. 8^) I have my O'Reilly DNS and
> Bind book and Greg's FreeBSD Handbook plus I can use sample configs from my
> own dns server and any other doc I can find. If anyone else has more
> suggestions I would appreciate any and all. I have to try and have this
> set up by Monday morning and will use every reference I can find. Thanks
> again, signing up to this list has been a godsend to me.

I've done this many times for clients' internal email. It's a way to keep
internal mail private when combined with a firewall. But you don't need a
firewall to have it work.

Use a made-up TLD (Top Level Domain). It won't interfere with anything in
DNS that way. For example, 'hostname.inside' where the TLD is '.inside' or
'.intra' for a local intranet. Just make sure that the DNS server has no
slaves. You might set it up on the same box as the mail server for
simplicity. Include some forwarders in named.conf and it will serve
perfectly well for all DNS queries to outside too, with the bonus that
you'll get some saving in outside traffic due to its cache.

Set the clients' DNS to that server. Create user accounts as
username@hostname.inside on the server. That's about it.

You might want to make the point to your class that using their .inside
address as a reply-to will only work when sent to other .inside email
addresses. If somebody outside replies, obviously it will bounce.
Understanding this is useful for people getting a grasp of how it all works
at a conceptual level. Some people want only keystrokes and rules. They get
terrified when told more (you see blank glassy-eyed stares), but this isn't
difficult stuff.

To call the TLD you make up fake isn't quite right. In a network logic
sense, it's just as real as any other. The only difference is that only
clients pointed at the DNS server that contains it will see it. Out on the
larger Internet there is a structure in place that eventually points you to
appropriate DNS servers for particular domains. In this case we're simply
using our own little structure and private domain as a supplement. This
point is political too.

Dennis Mathiasen
dennis@deerfieldhosting.com
--------------------------------------------
Deerfield Hosting - High Performance Hosting
http://DeerfieldHosting.com?ref=sig
--------------------------------------------
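
The setup described in the message above, as an added example that is not part of the original e-mail: a shell function that writes a named.conf and zone file for a private `.inside` TLD with forwarders and no zone transfers, plus a check using BIND 9's `named-checkconf` and `named-checkzone`. The network 192.168.1.0/24, the forwarder addresses, the host names `ns` and `mail`, the function names, and the restriction of queries to the LAN are assumptions of this example.

```shell
#!/bin/sh
# Added example: writes a minimal BIND config for a private ".inside" TLD.
# All addresses and host names below are constructed placeholders.

write_inside_dns() {
    dir=$1
    mkdir -p "$dir" || return 1
    cat > "$dir/named.conf" <<EOF
acl lan { 127.0.0.1; 192.168.1.0/24; };    // assumed internal network

options {
    directory "$dir";
    forwarders { 192.0.2.1; 192.0.2.2; };  // placeholder upstream resolvers
    allow-query     { lan; };              // only internal clients may ask
    allow-recursion { lan; };              // and only they get outside lookups
    allow-transfer  { none; };             // no slaves: the zone is never copied out
};

zone "inside" {
    type master;
    file "inside.zone";
};
EOF
    cat > "$dir/inside.zone" <<'EOF'
$TTL 3600
@     IN SOA ns.inside. hostmaster.inside. ( 2003010601 3600 900 604800 3600 )
      IN NS  ns.inside.
ns    IN A   192.168.1.10
mail  IN A   192.168.1.10   ; DNS and mail on the same box; user@mail.inside
EOF
}

# Validate both files with BIND 9's checkers when they are installed.
check_inside_dns() {
    command -v named-checkconf >/dev/null 2>&1 || {
        echo "BIND check tools not found, skipping validation" >&2
        return 0
    }
    named-checkconf "$1/named.conf" && named-checkzone inside "$1/inside.zone"
}

# Stand-alone use: sh script.sh /path/to/namedb
if [ $# -gt 0 ]; then
    write_inside_dns "$1" && check_inside_dns "$1"
fi
```

With no MX record in the zone, mail for `user@mail.inside` is delivered to the host's A record, which matches the `username@hostname.inside` addressing in the message.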
