Help with email server setup & concepts....?

  • dalk, 21-09-2001 1:08pm


    Hi all,

    Linux newbie needs some advice on the procedure for an email server migration... (or at least some good links).

    ...sorry, it's more of an essay than a question.

    ...I am supposed to be replacing a mail server (with zero budget), because we just got a leased line (static IP) into work (small business) and the old software ain't up to the job, etc. etc.

    Because of the lack of budget I've decided to go the Linux route and recycle some old computers. Now, I am no *nix head. I know a little bit (but close to nothing). Also I have never set up a mail server before, so I am kinda ignorant of the procedure. (Yes, maybe my employers should pay someone to do it!) But I am very willing to learn.

    Now I have decided to use EnGarde Secure Linux ( http://www.engardelinux.org ) as the mail server and Smoothwall as the firewall ( http://www.smoothwall.org ), with the server sitting on a DMZ. (I decided on those distros because they looked (and actually are, now that I've tried them) relatively easy to configure, use and update.) Excellent software....

    So far so good.

    This is the way I am setting up the 2 boxes. PLEASE CORRECT ME IF I AM WRONG. Firewall forwards all outside SMTP traffic to the mail server box on the DMZ (using port forwarding). Computers on the network connect to the mail server on the DMZ using secure POP3.

    Is that all that is needed to get email through?

    Is there a way to test that this is working? I mean Outlook *seems* to be connecting to the POP3 server simply because it ain't complaining about not finding a POP3 server. How can I test whether the firewall is forwarding the traffic and that the mail server is receiving it before the switch over?

    Do I need to set up a DNS server on the box (or is using an external DNS server OK)? (You have to register DNS servers, is that correct?) And if so, do you allow only people from the inside network to use it, or make it public? I haven't been very successful in finding really basic information about DNS and what to do....

    Also, assuming the mail server is working, what's the best way to go about migrating from our current mail hosting to the new server (it is a .ie domain)? ...Inform our present email relayers that we are discontinuing the service, go to http://www.domainregistry.ie/ , fill out the request for SMTP traffic for the domain name to be forwarded to the outside address of the firewall, and wait? Is that all that is required?
    Also, our domain website is hosted elsewhere; does that make any difference? I mean, can DNS direct HTTP traffic to one address and SMTP traffic to another address, both of which have the same domain name?

    Anything that i have missed out on?

    Any help/advice would be greatly appreciated.

    Sincerely,

    Dalk


Comments

  • Ronin


    You can test it by telnetting into port 25 from an external IP and dropping a mail into the queue that way. If you can telnet in on port 25 it _should_ allow you to manually drop a mail into the queue. Then you can check to see if the mail was delivered or not.

    Ro
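The telnet-to-port-25 test Ronin describes, scripted, as an added example that is not part of the original thread. The probe hand-drives the SMTP conversation (HELO, MAIL FROM, RCPT TO, DATA, QUIT) exactly as you would type it into telnet and fails loudly on any unexpected reply code. So that it runs offline, the block also spins up a constructed stub "relay" on localhost that answers the way a real server would; the hostname mail.fred.com, the addresses and the message body are all made up for the demo. Against the real setup you would call probe_smtp() with the firewall's public IP from a machine outside the network.

```python
import socket
import threading

# Constructed stub banner; a real server announces its own hostname and software.
BANNER = b"220 mail.fred.com ESMTP stub\r\n"  # hypothetical hostname


def _stub_server(listener, mailbox):
    """Minimal SMTP responder used only so the probe can run offline.
    It accepts one connection, speaks the reply codes a relay would,
    and stores the DATA body in `mailbox` so we can check what arrived."""
    conn, _ = listener.accept()
    with conn:
        conn.sendall(BANNER)
        buf, body, in_data = b"", [], False
        while True:
            chunk = conn.recv(1024)
            if not chunk:
                return
            buf += chunk
            while b"\r\n" in buf:
                line, buf = buf.split(b"\r\n", 1)
                if in_data:
                    if line == b".":                      # lone dot ends DATA
                        in_data = False
                        mailbox.append(b"\r\n".join(body))
                        conn.sendall(b"250 2.0.0 queued\r\n")
                    else:                                 # undo dot-stuffing
                        body.append(line[1:] if line.startswith(b".") else line)
                    continue
                cmd = line.split(b" ", 1)[0].upper()
                if cmd in (b"HELO", b"EHLO"):
                    conn.sendall(b"250 mail.fred.com\r\n")
                elif cmd in (b"MAIL", b"RCPT"):
                    conn.sendall(b"250 2.1.0 ok\r\n")
                elif cmd == b"DATA":
                    in_data = True
                    conn.sendall(b"354 end data with <CRLF>.<CRLF>\r\n")
                elif cmd == b"QUIT":
                    conn.sendall(b"221 bye\r\n")
                    return
                else:
                    conn.sendall(b"500 unknown command\r\n")


def _expect(reader, code):
    """Read one reply line and raise unless it carries the expected 3-digit code."""
    line = reader.readline()
    if not line.startswith(code):
        raise RuntimeError("expected %r, got %r" % (code, line))
    return line


def probe_smtp(host, port, sender, rcpt, subject, text, timeout=10):
    """Connect like telnet would, push one message through the queue,
    and return the server's greeting banner so you can see who answered."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        reader = s.makefile("rb")
        banner = _expect(reader, b"220").decode().strip()

        def say(line, code):
            s.sendall(line + b"\r\n")
            return _expect(reader, code)

        say(b"HELO probe.example", b"250")
        say(b"MAIL FROM:<%s>" % sender.encode(), b"250")
        say(b"RCPT TO:<%s>" % rcpt.encode(), b"250")
        say(b"DATA", b"354")
        msg = ("Subject: %s\r\n\r\n%s" % (subject, text)).encode()
        # Dot-stuff body lines that start with '.', otherwise one such line
        # would be read as the end-of-data marker.
        stuffed = b"\r\n".join(b"." + l if l.startswith(b".") else l
                               for l in msg.split(b"\r\n"))
        s.sendall(stuffed + b"\r\n.\r\n")
        _expect(reader, b"250")
        say(b"QUIT", b"221")
    return banner


def run_demo():
    """Start the stub on an ephemeral localhost port, run the probe against it,
    and return (banner, list of bodies the stub accepted)."""
    mailbox = []
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    t = threading.Thread(target=_stub_server, args=(listener, mailbox), daemon=True)
    t.start()
    banner = probe_smtp("127.0.0.1", port, "tester@example.org", "tom@fred.com",
                        "test", "hello from outside")  # constructed addresses
    t.join(5)
    listener.close()
    return banner, mailbox


if __name__ == "__main__":
    print(run_demo())
```

If the probe raises on the very first line, nothing on port 25 answered with a 220 banner: the firewall's port forward or the DMZ rule is wrong. If it fails at RCPT TO with a 550, the server is reachable but does not yet think it is responsible for the domain.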


  • moist


    Originally posted by dalk

    (Yes maybe my employers should pay someone to do it!). But i am very willing to learn.

    Perhaps, though I prefer to teach myself by reading books and documentation. There's a lot of stuff out there on the 'net, and there are also software/OS-specific mailing lists which you should subscribe to, and they can help you. Even forums like this are good; however, you are more likely to get an answer to, say, a tricky BIND question on the BIND mailing list.

    Engarde Secure Linux
    http://www.engardelinux.org as the mail server and Smoothwall as the firewall ( http://www.smoothwall.org )

    I am not familiar with either of these; however, as far as security goes, it's better if the administrator disables unneeded services and installs updates/patches and the like, rather than picks the "most secure" package, installs it, and just leaves it there.

    This is the way i am setting up the 2 boxes . PLEASE CORRECT ME IF I AM WRONG. Firewall forwards all outside SMTP traffic to mail server box on the DMZ (using port forwarding). Computers on the network connect to the mail server on the DMZ using secure POP3.

    If that is the way you want to go, then yeah, it's fine. You will also need to let SMTP traffic from the clients through to the mail server so that they can send mail out. And you will need to allow SMTP traffic out from the mail server to D'Internet, or perhaps just to your ISP's mail server if you want to configure that as your "smart relay". You may need to do this for a number of reasons. Your ISP may only allow SMTP traffic out from their network from their own mail server.

    There are also a number of mail servers out there that are configured not to accept mail unless it is coming from a server whose IP address resolves to its own address.

    i.e. say you have the domain fred.com and your mail server is mail.fred.com. Your ISP, eircom say, gives you the IP address 111.222.111.222, which is the IP address of your firewall. Now, unless eircom change their DNS to say that that address is mail.fred.com, if someone does a reverse DNS lookup on it they may get something like cust222.corp111.eircom.net, which is not your domain.

    Granted, I have only come across this about 3 times before, but just to let you know.

    Is there a way to test that this is working? I mean Outlook *seems* to be connecting to the POP3 server simply cause it aint
    complaining about not finding a POP3 server.

    Well, if you set up a test mailbox on the server and then send a test mail to it: echo "test" | mail -s "test" tom@localhost
    Then attempt to collect mail from the client. If you get the test mail it's working :)

    How can i test whether the firewall is forwarding the traffic and that the mail server is recieving it before the switch over?


    If you can telnet from a machine outside your network to port 25 on the firewall, even from a dialup or something, you should see something like:

    220 mail.fred.com ESMTP Sendmail 8.8.8

    Do i need to set up a DNS server on the box (or is using an external DNS server ok)? (You have to register DNS servers, is that correct)? And if so do u allow only people from the inside network use it or make it public? I havent been very successfull in finding really basic information about DNS and what to do....

    An external DNS server is fine. A caching server may be an idea, so that only that machine has to make port 53 requests out through the firewall and you can block the clients. It would also slightly reduce the traffic over your leased line. You may also want to have an internal DNS server if you want to have some name -> IP mappings for internal RFC 1918 (10.x.x.x, 192.168.x.x ...) IPs. Depends on your requirements.

    You don't have to allow your DNS server to be visible from the outside unless you are going to host the DNS for your own domain.

    You could either restrict your DNS server from your firewall or within the configuration of the server itself, for example with BIND:

    options {
        // answer queries only from the internal LAN and one trusted outside host
        allow-query { 192.168.1/24; 1.2.3.4/32; };
    };



    There could be a lot of if's and whatnot's on this, so I'll leave it for now.
    In the meantime, you might want to pick up the O'Reilly book "DNS and BIND"; there are also a number of links at DNSRD.


    Also assuming the mail server is working, whats the best way about migrating from our current mail hosting to the new server (it is a .ie domain)? ...Inform our present email relayers of our discontinuing of the service, go to http://www.domainregistry.ie/ fill out the request for SMTP traffic for the domain name to be forwarded to the outside address of the firewall and wait? Is that all that is required?


    Well, unless you want to transfer your domain to yourselves and host your own DNS, you contact whoever is currently hosting your DNS and get them to add (or change) an 'A' (Address) record for mail.fred.com to point at the IP address of your firewall, and (possibly) change your primary MX (Mail eXchange) record to point at that.

    You don't need to go near the IEDR unless you want to transfer the domain to yourselves. Have a good read through the site before you start thinking about that: you will either need to have two DNS servers of your own or get someone to be your secondary, and you will have to allow them to do zone transfers off you, and, eh, you would want to have your DNS figured out before you start messing there. DNS is one of the big blobs of glue that holds the internet together; when it breaks, things get messy.

    Also our domain website is hosted elsewhere, does that make any difference? I mean can DNS direct HTTP traffic to
    one address and SMTP traffic to another address, both of which have the same domain name?

    Ah, not as such. You generally split it up into different services and have an 'A' (Address) record for each, so www.fred.com resolves to the IP of your web server and mail.fred.com resolves to the IP of your mail server. They may be the same or they may not. Then you have MX records which say where mail for the domain is to go. Each record has a priority, and the one with the lowest priority is your final destination.
    For example boards.ie has 2 records:

    boards.ie. IN MX 10 mailrecv.bigmailbox.com.
    boards.ie. IN MX 15 mxbackup.iol.net.


    So their mail server is (possibly) mailrecv.bigmailbox.com, so a mail server trying to send mail to boards.ie will do a DNS lookup for the MX records and try to deliver to the primary. If that machine is down or not reachable it will then try to deliver to mxbackup.iol.net. The mail will sit there until mailrecv comes back, and mxbackup will forward it on.

    Anything that i have missed out on?

    Perhaps, But I've said enough as it is....
    heh... um.... *sigh*
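The MX lookup and failover order moist describes, as an added example that is not part of the original thread. The block parses zone-file style MX lines (the two boards.ie records quoted above plus a constructed fred.com entry; the A-record addresses are made-up documentation-range values), orders them by preference with the lowest number first, and walks them the way a sending MTA does, moving to the backup only when the primary is unreachable. The `reachable` callback stands in for the real TCP connect so the walk can be exercised offline.

```python
import re

# Constructed zone snippet: the boards.ie MX lines are the ones quoted in the
# thread; fred.com and its addresses are hypothetical.
ZONE_SNIPPET = """
boards.ie.     IN MX 10 mailrecv.bigmailbox.com.
boards.ie.     IN MX 15 mxbackup.iol.net.
www.fred.com.  IN A  203.0.113.10   ; web host, elsewhere
mail.fred.com. IN A  198.51.100.5   ; firewall's outside address
fred.com.      IN MX 10 mail.fred.com.
"""

# owner, optional TTL, class IN, type MX, preference, exchange
MX_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+MX\s+(\d+)\s+(\S+)$")


def parse_mx(zone_text, domain):
    """Return (preference, exchange) pairs for `domain`, lowest preference first.
    Only MX records count: an A record for www.fred.com says nothing about mail."""
    want = domain.rstrip(".") + "."
    records = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop zone-file comments
        m = MX_RE.match(line)
        if m and m.group(1) == want:
            records.append((int(m.group(2)), m.group(3).rstrip(".")))
    return sorted(records)


def deliver(zone_text, domain, reachable):
    """Walk the MX list in preference order, as a sending MTA does, and return
    the exchange that accepted the connection, or None if every one failed.
    `reachable(host)` stands in for the TCP connect to port 25."""
    for _pref, host in parse_mx(zone_text, domain):
        if reachable(host):
            return host
    return None


if __name__ == "__main__":
    print(parse_mx(ZONE_SNIPPET, "boards.ie"))
    # primary down: mail lands on the backup, which queues it for mailrecv
    print(deliver(ZONE_SNIPPET, "boards.ie",
                  lambda h: h != "mailrecv.bigmailbox.com"))
```

When cutting over, add the new MX with a lower preference number than the old host rather than deleting the old record straight away; senders that cached the old answer still have somewhere to deliver until the TTL expires.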


  • dalk


    Thanks for the reply Ronin...

    & thank you very VERY much moist...

    You have answered all my questions perfectly.....


    cheers,

    Dalk

