OT: Setting up a forwarding mail domain in DMZ without pinhole.

Gary Allen Vollink gvfedora at corvu.com
Sun Aug 22 15:38:09 UTC 2004


Sanjay,

This is my first post here.

I've been following this thread through the archives, and while a great 
deal of your requirement is that you don't want to create a pin-hole.  
It occurs to me the that you (or someone else following this thread, 
looking for a similar solution) may not know that it's possible to open 
directed pin-holes - an opening on a firewall that is only accessible 
from a single IP address.  This in conjunction with a non-standard SMTP 
port set-up (say port 2525), and you've got full function SMTP without 
the need to set up a laborious batch-transfer.

For details on how to set up a directed pin-hole, look at the Fedora 
(and RedHat 9) NTP time sync.  Under Core 2 : /etc/rc.d/init.d/ntpd 
start reading at line 67.

Thanks,
Gary Allen Vollink
--
Admin/User of Fedora Core 2 for a week.
Admin/User of RedHat EL ES v 3 for 7 months.
Admin/User of various RedHat dists since 1999.


Sanjay Arora wrote:

>On Sun, 2004-08-22 at 19:49, Tom Diehl wrote:
>
>  
>
>>>pretty easy to do this if not exactly the way you want, setup your dmz
>>>machine to answer for your domains(mx), then use transport maps to send
>>>all mail for those domains to your specified host. This is with postfix,
>>>postmap transport after your finished.
>>>http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall
>>>      
>>>
>>Ummmm, the OP said he was using qmail, didn't he?
>>    
>>
>
>Well, yes...I do use qmail...have been using it for a few years because
>I feel its more secure (than sendmail)...dont know anything about
>postfix.
>
>But am really amazed to hear about this feature of postfix and look for
>a qmail implementation of this....though I dont think any exists.
>
>Qmail is quite granular and should be able to handle anything...at least
>thats what I thought ;-) Anyone know of any implementation of transport
>maps similar to postfix, implemented with qmail?
>
>Idea in itself is quite good...and does enable to keep mail (not in
>transit) behind the firewall. Comments please. Anybody?
>
>One learns something everyday...no matter how idiotic his original
>curosity ;-)
>
>Ciao.
>Sanjay.
>
>
>
>  
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20040822/0f0ca591/attachment-0001.htm>


More information about the fedora-list mailing list