On 26 Mar 2002 at 8:07, Mike Burden wrote: > > -----Original Message----- > > From: Adrian Bolzan [mailto:[EMAIL PROTECTED]] > > > > I found that when I last used that feature our roaming > > (mobile laptop) > > users who used our mail server to relay e-mail could no longer > > send e- mail through our mail server- the proxy rejected them. > > > > As thi srelayign is vital we will set up a proxy on the PSN > > that passes > > smtp traffic to our mail server, that will authenicate using SASL. > > > Here's where I think you want to go: > > 1. Mailserver on the PSN that *REQUIRES* SMTP authentication from > the clients (because otherwise you have an open relay, which is > a *BAD* thing!) > > 2. Tunnel and filter (or tunnel with "automatic accept all") > an alias on the EXT to the mailserver for some combination of > ports 25 (SMTP), 110 (POP3) and 143 (IMAP) > > 3. Mailserver on the PRO that handles incoming and outbound > mail for users on your LAN > > 4. Email proxy to allow incoming email to be delivered to the > mailserver on the PRO > > 5. Tunnel and filter from the PSN address to the mailserver on > the PRO to allow the mailserver on the PSN to deliver mail > to the mailserver on the PRO. You should use a filter instead > of checking "automatic accept all" so that you can limit use of > this tunnel to the mailserver on the PSN. > > 6. The mailserver on the PRO should disallow relaying for SMTP > coming from the GNAT Box address. > > The results: > > 1. Roaming users use the Alias on the EXT to send mail using the > mailserver on the PSN. > > 2. Hosts on the Internet use the primary EXT address to send > email to you. This should be the address that your MX record > points to. > > 3. Users on your LAN use the mailserver on the PRO for incoming > and outbound email. > >
Thanks for these excellent ideas. I am having trouble with my setup, whereby authentication occurs on the server inside the PRO network, but as all traffic was coming from a proxy on the PSN, wher all traffic from it was allowed by th email server, the mail server became an open relay. I will look into the implementation of these. thanks, adrian --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
