Thank you all for the replies. I decided to take your advice and use mail
relaying normally. As you said, less complicated, and still does not
jeopardize security. Thanks again.

Best Regards
Nizar El-Assaad


-----Original Message-----
From: Roger Seielstad [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 7:05 PM
To: Exchange Discussions
Subject: RE: ETRN without dial-up


The best way to understand ETRN is to describe it as prompted relaying.
Using your scenario as a guide, your internal mail server would need a lower
MX record preference than your external server. Mail would get delivered to
the External relay, and since it's not the lowest preference, it would queue
the mail.

When the internal (lowest preference) server is ready to receive mail, it
connects to the external relay and issues a single command (ETRN, I
believe), and then *disconnects*. That one command tells the external (relay)
server to start delivery of all messages queued for that domain. Which means
that the external server attempts to connect to the internal server and
deliver mail, meaning that the firewall needs to allow connections from the
outside to the inside.

Additionally, by queuing it outside the firewall, you are leaving corporate
information on the wrong side of your firewall for an extended period of
time. Not good practice, frankly.

Roger
------------------------------------------------------
Roger D. Seielstad - MCSE MCT
Senior Systems Administrator
Peregrine Systems
Atlanta, GA
http://www.peregrine.com
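
The connection directions described above, as an added example that is not part of the original thread: a small in-memory model of the DMZ gateway and firewall showing that the ETRN session carries no mail and that the queue only drains if the gateway may open its own connection to the inside. The zone names, the policy tuples and example.com are assumptions made for illustration; the reply strings follow RFC 1985.

```python
# Constructed model of the thread's topology. Zone names, the policy encoding
# and example.com are illustrative assumptions, not a PIX configuration.
class Firewall:
    def __init__(self, permits):
        self.permits = set(permits)   # {(src_zone, dst_zone, dst_port)}
        self.log = []                 # every connection attempt, in order

    def connect(self, src, dst, port):
        verdict = "permit" if (src, dst, port) in self.permits else "deny"
        self.log.append((src, dst, port, verdict))
        return verdict == "permit"


class Gateway:
    """DMZ relay that queues mail per domain and answers ETRN (RFC 1985 replies)."""
    def __init__(self, fw):
        self.fw, self.queue, self.delivered = fw, {}, []

    def accept(self, domain, msg):
        self.queue.setdefault(domain, []).append(msg)

    def etrn(self, domain):
        # The reply is all the ETRN session carries; no mail flows on it.
        n = len(self.queue.get(domain, []))
        if n == 0:
            return f"251 OK, no messages waiting for node {domain}"
        return f"253 OK, {n} pending messages for node {domain} started"

    def run_queue(self, domain):
        # Delivery is a NEW SMTP connection, initiated by the gateway.
        if self.queue.get(domain) and self.fw.connect("dmz", "inside", 25):
            self.delivered += self.queue.pop(domain)
        return len(self.queue.get(domain, []))   # messages still held in the DMZ


def dequeue_with_etrn(permits, domain="example.com"):
    fw = Firewall(permits)
    gw = Gateway(fw)
    for msg in ("msg-1", "msg-2"):               # mail arrives from the Internet
        gw.accept(domain, msg)
    if not fw.connect("inside", "dmz", 25):      # internal server dials the gateway
        return None, len(gw.queue[domain]), fw.log
    reply = gw.etrn(domain)                      # one command, then disconnect
    return reply, gw.run_queue(domain), fw.log


if __name__ == "__main__":
    print(dequeue_with_etrn({("inside", "dmz", 25)}))
    print(dequeue_with_etrn({("inside", "dmz", 25), ("dmz", "inside", 25)}))
```

With only inside-to-DMZ initiation permitted, the gateway answers 253 but both messages stay queued in the DMZ; the firewall log shows the denied dmz-to-inside attempt on port 25.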


> -----Original Message-----
> From: Nizar El-Assaad [mailto:[EMAIL PROTECTED]]
> Sent: Monday, September 24, 2001 11:46 AM
> To: Exchange Discussions
> Subject: RE: ETRN without dial-up
> 
> 
> It is just that I want the server in the secure zone to open the
> connection, and not vice versa. I am not sure if this improves security,
> but that is what the guys from Cisco told me. Is it true, or just opening
> port 25 on both sides would be the same, no matter which server initiates
> the connection?
> 
> Best Regards
> Nizar El-Assaad
> 
> 
> -----Original Message-----
> From: Webb, Andy [mailto:[EMAIL PROTECTED]]
> Sent: Monday, September 24, 2001 6:00 PM
> To: Exchange Discussions
> Subject: RE: ETRN without dial-up
> 
> 
> OK, so what changes the rules in the PIX to allow the mail to flow after
> the ETRN?
> 
> ETRN is /not/ TURN.  ETRN merely indicates to the queueing host "I'm here
> now".  The host still uses the same inbound SMTP connectivity it would
> have tried to use before the mail was queued.
> 
> =======================================================
> Andy Webb            [EMAIL PROTECTED]      www.swinc.com
> Simpler-Webb, Inc.   Austin, TX            512-322-0071
> -- Eating XXX Chili at Texas Chili Parlor since 1989 --
> ======================================================= 
> 
> 
> -----Original Message-----
> From: Nizar El-Assaad [mailto:[EMAIL PROTECTED]]
> Sent: Monday, September 24, 2001 9:10 AM
> To: Exchange Discussions
> Subject: ETRN without dial-up
> 
> 
> Hello
> 
> Does the ETRN command work without a dial-up connection, i.e. on a
> LAN/WAN?
> 
> I am asking this question because I have a problem in configuring my mail
> system. My problem is that I have my mail server (where all the mailboxes
> reside) behind a PIX firewall on the secure subnet. Incoming internet mail
> will not go directly to my mail server, but to a mail gateway instead,
> located in the DMZ. Now this gateway will hold the mail until my original
> mail server opens a connection to it to retrieve the mail (firewall
> configuration only allows connections to be initiated from the secure zone
> to the DMZ). I was thinking of using ETRN to dequeue the mail on the
> gateway. Is this feasible? Better yet, is this configuration reasonable, or
> are there better alternatives? I heard that ETRN only works with dial-up
> connections, is this true?
> 
> Thanks a lot for the assistance.
> 
> Best Regards
> Nizar El-Assaad
> 
> 
> _________________________________________________________________
> List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> Archives:               http://www.swynk.com/sitesearch/search.asp
> To unsubscribe:         mailto:[EMAIL PROTECTED]
> Exchange List admin:    [EMAIL PROTECTED]
> 
