From: Kurt Keller
Date: Tue, 17 Nov 1998 21:56:01
To: john cooper
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: BIND/Mail/MX Question..

You should not expose the 192.168.* address to the outside. Hosts on the
internet cannot connect to it and might instead even try to connect to the
internal 192.168.* hosts in their own intranet.

The solution is to mention ws.isi.co.jp as the official mailhost and use
sendmail rules to redirect mail for *.isi.co.jp to ms.isi.co.jp.
ms.isi.co.jp itself needs some sendmail rule adjustments as well.

If you are using BIND 8, it is possible to serve both the internet and the
intranet from the same DNS server, provided you use a subdomain for the
intranet. With BIND 8 it is easily possible to make info about certain
domains only accessible to a certain IP range.

Cheers, Kurt

>For example, outside the firewall there are 202.214.* addresses
>and inside 192.168.* addresses. Aside from the issue of exposing
>...
>The trouble I'm having is that if I use:
>
>isi.co.jp.   IN MX 50  ms.isi.co.jp. ; local mail host
>             IN MX 100 ws.isi.co.jp.
>
>where ms.isi.co.jp's address is internal [192.168.*], mail
>coming from outside our domain gets deflected to ws.isi.co.jp.
>sitting on the external side of the FW [202.214.*].
>
>As I understand, the MX record is required to relay mail from
>the FW/DNS server to the internal mail server. However if
>...
>This seems to me to be a fairly normal thing to do. Would
>someone kindly clue me in on the standard way this is solved?

-- 
Kurt@pinboard.com    http://www.pinboard.com/       business
                     http://www.pinboard.com/kurt/  private
Unix and Internet Specialist
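
Added example, not part of the original message: a small Python check for the problem the reply describes, an externally published MX target that resolves to an RFC 1918 address. The zone text is constructed; the host names follow the thread, while the full IP addresses and the function names are assumptions.

```python
import ipaddress

# RFC 1918 private ranges; hosts on the internet cannot reach these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of the externally published zone. Names and the
# 192.168.* / 202.214.* prefixes follow the thread; full addresses are made up.
SAMPLE_ZONE = """\
isi.co.jp.      IN MX 50  ms.isi.co.jp. ; local mail host
                IN MX 100 ws.isi.co.jp.
ms.isi.co.jp.   IN A  192.168.0.10
ws.isi.co.jp.   IN A  202.214.0.10
"""

def parse_zone(text):
    """Return (mx, a): mx is [(owner, pref, target)], a maps name -> [ip]."""
    mx, a, owner = [], {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()     # drop zone-file comments
        if not line.strip():
            continue
        fields = line.split()
        if not raw[0].isspace():                 # blank owner inherits the previous one
            owner = fields.pop(0).lower()
        if fields and fields[0].upper() == "IN":
            fields.pop(0)
        rtype = fields[0].upper()
        if rtype == "MX":
            mx.append((owner, int(fields[1]), fields[2].lower()))
        elif rtype == "A":
            a.setdefault(owner, []).append(ipaddress.ip_address(fields[1]))
    return mx, a

def audit_mx(text):
    """List (owner, pref, target, problem) for MX targets with private addresses."""
    mx, a = parse_zone(text)
    findings = []
    for owner, pref, target in sorted(mx, key=lambda r: r[1]):
        for ip in a.get(target, []):
            if any(ip in net for net in RFC1918):
                findings.append((owner, pref, target, f"private address {ip}"))
    return findings

if __name__ == "__main__":
    for finding in audit_mx(SAMPLE_ZONE):
        print("%s MX %d %s: %s" % finding)
```

Run against the external view of a zone, an empty result means every published MX target has only publicly routable addresses; it only checks A records present in the same zone text.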