MX record

Ken Rossman rossman at columbia.edu
Fri Mar 19 14:43:15 UTC 2004


On Friday, March 19, 2004, at 06:41 AM, Mike Burger wrote:
> On Fri, 19 Mar 2004 geeta at cdfd.org.in wrote:
>> We have firewall (used for natting) and inside our LAN only we have in
>> one machine where public IP natted to private IP the DNS server and
>> email server. Now I want to forward the emails to a different machine.
>
> If you want the world to be able to email you, it has to be a public IP.
> It probably won't matter to your systems that live behind the firewall,
> as they'll be configured to send mail to/retrieve mail from the machine
> on the private IP.
>
> But for the purposes of the outside world, the DNS that gets fed to that
> outside world should be a public IP, and it should be nat'd back to your
> private IP.

The thing to do if you want to have one or more mail hosts behind a
firewall is to turn the firewall machine into a mail relay/forwarder host.
Then, that machine is not responsible for directly dealing with mail
spooling - it only has to know that inbound mail should be routed to
machine X inside the firewall, and any mail coming from the inside network
should be routed out to its ultimate destination on the Internet.

The firewall machine's mail handler can also optionally filter spam and
do some virus scanning if you want...

The MX records for that domain then, of course, point to the firewall
machine, as previously noted.

K
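
An added example, not part of the original message: a check that every MX in the externally served zone resolves to an address the outside world can reach, as the thread recommends. The zone data, `example.com` names and addresses are constructed, and the parser assumes simple one-line `owner IN type rdata` records.

```python
import ipaddress

# RFC 1918 private ranges: unreachable from the Internet without NAT.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed external zone data; example.com and every address are made up.
# 203.0.113.10 (a documentation address) stands in for the firewall's public IP.
SAMPLE_ZONE = """\
example.com.       IN MX 10 fw.example.com.
example.com.       IN MX 20 mail.example.com.
example.com.       IN MX 30 backup.example.com.
fw.example.com.    IN A  203.0.113.10
mail.example.com.  IN A  192.168.1.25   ; internal mail host leaked to outside
"""

def parse_zone(text):
    """Collect MX and A records from simple 'owner [ttl] IN type rdata' lines."""
    mx, a = [], {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop trailing comments
        if "IN" not in fields:
            continue
        i = fields.index("IN")
        if i == 0 or len(fields) < i + 3:
            continue
        owner = fields[0].lower()
        rtype, rdata = fields[i + 1].upper(), fields[i + 2:]
        if rtype == "MX" and len(rdata) == 2:
            mx.append((owner, int(rdata[0]), rdata[1].lower()))
        elif rtype == "A":
            a.setdefault(owner, []).append(ipaddress.ip_address(rdata[0]))
    return mx, a

def audit_mx(text):
    """Return (mx_target, problem) for each MX the outside world cannot use."""
    mx, a = parse_zone(text)
    findings = []
    for _owner, _pref, target in sorted(mx, key=lambda r: r[1]):
        addrs = a.get(target, [])
        if not addrs:
            findings.append((target, "no A record in external zone"))
        for ip in addrs:
            if any(ip in net for net in RFC1918):
                findings.append((target, f"private address {ip}"))
    return findings

if __name__ == "__main__":
    for target, problem in audit_mx(SAMPLE_ZONE):
        print(f"{target}: {problem}")
```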





More information about the redhat-list mailing list