Date: Thu, 22 Oct 1998 20:19:38 +0200 From: Juergen Nickelsen <ni@tellique.de> To: Chad Thunberg <chadth@atvideo.com> Cc: freebsd-security@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG Subject: Re: firewall + internal mail server Message-ID: <362F773A.AB9F196B@tellique.de> References: <000501bdfdde$1f5f53b0$ef2376cc@tarn.atvideo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Chad Thunberg wrote:
> I am setting up a firewall and enabled natd but have an internal
> mail server. Is there a way to still be able to access the internal
> mail server from the outside for sending and receiving email?
[...]
> I would rather not put the mail server outside of the firewall.
Sure. What about putting a mail server for incoming mail on the
firewall host itself?
In a similar setup, I wanted the "real" mail server to be inaccessible
from the outside at all, because it contains critical data (e-mail
being only part of it). I use the firewall host (running FreeBSD) as
the external mail server, but it only forwards the mail to the
internal mail server.(*) The firewall also acts as FTP and WWW server,
but since the mail resides only for seconds on it, the risk is
minimized.
The internal mail server is able to go outside through the firewall to
deliver mail.
(*) Time being a scarce resource, I do this at the moment with an
alias entry for each internal mail address on the firewall host
("ni: ni@picasso.tellique.de"), so I didn't have to change the
sendmail configuration from the default.
As we are just a few people here yet, this is bearable, but for a
long-term solution I'll have to work out a sendmail configuration
where the mail exchanger for the domain delivers the mail to a
non-MX. I am sure there is a simple way, but I don't know it yet.
Greetings, Juergen.
--
Juergen Nickelsen <ni@tellique.de>
Tellique Kommunikationstechnik GmbH
Gustav-Meyer-Allee 25, 13355 Berlin, Germany
Tel. +49 30 46307-552 / Fax +49 30 46307-579
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?362F773A.AB9F196B>