
Re: sendmail Q



On Thu, 05 Jul 2001 15:45:48 +0200, Alon Barzilai <alon@skyline.co.il> wrote:
> 
> Is there a method to configure sendmail in a way
> that on one address/port it will have one set of relaying rules,
> and on another address/port it will have another?
> 
> I have checkpoint firewall installed and remote users using pop with
> securemote. So I can set up sendmail to listen to 2 addresses, one
> from the outside world (everyone that sends mail to my domain) and
> another address, through securemote that will always relay.
> 
> How can I configure sendmail to do that?
> Or alternatively, is there a way to run 2 sendmails on the same
> machine?
> I have sendmail 8.11.2 on RH 7.1.

You can do it with 2 sendmails if you listen with the normal one (the
sendmail which will permit relay only from local users) to port 25
(the normal SMTP port). The other sendmail (which will relay all
incoming mail to the normal sendmail) should listen on any non-standard
port that can be reached only by your securemote (i.e. protected by
your firewall). Listening on a limited IP range (instead of 0.0.0.0)
will not work because the IP check is on the ORIGINATING IP (not on
the gateway IP).

Other possible solutions need 2 machines or at least 2 NICs. The 2
machines arrangement is similar to the 2 ports solution - one normal
sendmail and one open relay (reached only by your securemote).

For the 2 NICs solution you need the ability to route your securemote
connection to the 2nd NIC (either by giving it a different address or
by changing the routing table). Then you change the rewriting rules
for relaying (Scheck_relay) to allow all messages incoming through
this NIC (check ${if_addr} or ${if_name}).

The rewriting rules I suggest are of the form (assume eth1 for the
2nd NIC):
# check for interface name
R$*			$: < ${if_name} > $1
R< eth1 >  $*		$@ RELAY
R< $* > $*		$: $2

Ehud.


-- 
 Ehud Karni     Mivtach - Simon  Insurance   /"\
 Tel: +972-3-6212-757 Fax: +972-3-6292-544   \ /  ASCII Ribbon Campaign
 (USA) Fax and  voice  mail: 1-815-5509341    X   Against  HTML  Mail
     Better     Safe     Than     Sorry      / \
     mailto:ehud@unix.simonwiesel.co.il    http://www.simonwiesel.co.il
