Dave,

You don't need the "outerdomain.com" or the "innerdomain.com" fake domain
names (they just confuse things).

Simply configure the Exchange server as if it is on the Internet 24/7 and
receiving mail for your client's FQDN. Make sure the firewall is routing all
incoming port 25 traffic to the internal Exchange machine. Then, in the
hosts file of the IMail machine, associate your client's FQDN with the
external IP address of the firewall and point the MX record to the IMail
machine. That's all there should be to it. Again, there really is no need
for the IMail machine. You could just as easily point the MX record straight
to the external IP of the firewall.

Users will be handled on the Exchange server just as if it was outside the
firewall. You don't need to configure any users or anything else on the
IMail server. DNS can be handled by an external source (i.e. your DNS
server), there's no need to set up an internal DNS server.

The suggestion of creating a DMZ with a third NIC is a good one. It's much
more secure than mapping port 25 to the internal network. In this scenario,
you map the external port 25 to the Exchange server in the DMZ and then you
map the internal network to the DMZ. In this way, if someone does manage to
knock over your Exchange box, your internal network is not compromised. They
would only have access to whatever else was in the DMZ (web servers, FTP
servers, etc.) which by nature need to be "out there" anyway. As Frank
mentioned, it is more work getting Exchange to work through the firewall if
the client is using the Exchange service instead of the standard POP/SMTP,
but it's well worth the extra effort for the added security.

Mike Perdue
WebMaster
The Grizzard Agency - An MSGi Direct Company
[EMAIL PROTECTED]
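
An added illustration, not part of the original message: a small reachability model comparing the two layouts discussed above (port 25 mapped straight to the internal network versus a third-NIC DMZ) by what a compromised Exchange host could connect to. The host names, zone names and rule format are assumptions made up for the example.

```python
from collections import deque

# Constructed topologies. Rules are (source zone, destination host, port)
# and stand for the firewall's port mappings; hosts in the same zone share
# a segment, so the firewall is not in the path between them.
PORT_MAPPED_TO_LAN = {
    "hosts": {"exchange": "internal", "fileserver": "internal",
              "workstation": "internal"},
    "rules": {("external", "exchange", 25)},
}
THIRD_NIC_DMZ = {
    "hosts": {"exchange": "dmz", "webserver": "dmz",
              "fileserver": "internal", "workstation": "internal"},
    "rules": {("external", "exchange", 25), ("internal", "exchange", 25)},
}

def can_connect(design, src, dst):
    """True if src can open a connection to dst in this design."""
    hosts = design["hosts"]
    if hosts[src] == hosts[dst]:
        return True  # same segment, never crosses the firewall
    return any(zone == hosts[src] and host == dst
               for zone, host, _port in design["rules"])

def blast_radius(design, compromised):
    """Hosts reachable, directly or by pivoting, from a compromised host."""
    seen, queue = {compromised}, deque([compromised])
    while queue:
        src = queue.popleft()
        for dst in design["hosts"]:
            if dst not in seen and can_connect(design, src, dst):
                seen.add(dst)
                queue.append(dst)
    return seen - {compromised}

def internet_facing(design):
    """Hosts that accept connections from the external zone."""
    return {host for zone, host, _port in design["rules"] if zone == "external"}

if __name__ == "__main__":
    for name, design in [("port 25 mapped to LAN", PORT_MAPPED_TO_LAN),
                         ("third-NIC DMZ", THIRD_NIC_DMZ)]:
        print(name, "->", sorted(blast_radius(design, "exchange")))
```

Both layouts expose the same single host on port 25; the difference is what sits on the same segment as that host once it is no longer trustworthy.
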
-----Original Message-----
From: Dave Wilson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 18, 2000 6:10 PM
To: [EMAIL PROTECTED]
Subject: Re: [IMail Forum] Gateway through firewall to Exchange using
ETRN- help
Michael,

Thanks for your info. Just need to clarify a couple of things with you.

Let's presume the firewall does support internal mappings (I'm about 90%
sure it does - we didn't install it nor have experience of the firewall
being used).

With that presumption made, I simply set firewall external IP to resolve to
outerdomain.com (the FQDN of the Imail machine) in the hosts file? Then,
configure the port mappings on the firewall and this will work?

What about users? Also, what do I do with the false innerdomain.com that has
been set on the Exchange machine?

I knew all along that there wasn't really any need for the external Imail
server but our clients were adamant that they needed it despite my advice to
the contrary, so who am I to argue if they want to pay us for this?

Cheers,
Dave

Dave Wilson
Internet Technology Manager,
BizNet Solutions
<Allaire Premier Partner>
Co-Founder CFUG Ireland
http://www.cfug.ie
224, Lisburn Road
Belfast BT9 6GE
Tel: 02890 225 776
Fax: 02890 223 223
web: http://www.biznet-solutions.com
email: [EMAIL PROTECTED]
----- Original Message -----
From: Michael Perdue <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, May 18, 2000 8:55 PM
Subject: RE: [IMail Forum] Gateway through firewall to Exchange using ETRN-
help
>
> Basically you have 2 fairly easy options here, depending on the firewall:
>
> 1) With most firewalls you can forward certain port numbers to an internal
> machine, it's usually referred to as "port mapping" or "internal mapping".
> Most NAT devices support this, including Pipeline and SonicWall routers
> (though I don't recommend it on the Pipeline, it's very flaky), as well as
> the NAT that is built into Windows 2000. If the firewall supports internal
> mappings, then map port 25 inbound on the firewall's external IP address to
> port 25 on the internal IP address of the Exchange server. I don't really
> see the need for ETRN since once you define the external address of the
> firewall in your hosts file, mail will be delivered automatically upon
> receipt by the IMail server. In fact, if the firewall supports internal
> mappings, you don't even really need the IMail server at all. Just point the
> MX record to the external IP address of the firewall and it will handle the
> rest.
>
> 2) If the firewall does not support internal mappings, there is a program
> called Autodialer that will retrieve email from a POP mailbox and convert it
> back to SMTP for a local mail server. As the name implies it can also be
> used with dial-up modem connections, but it's just as easy to use through a
> NIC. In this scenario, you could use the "nobody" alias on the IMail server
> to catch all email for the domain and install Autodialer on the Exchange
> server. You can then program Autodialer to retrieve mail every 30 minutes or
> so. Again, no need for ETRN. Autodialer costs around $80 and it works with
> almost any SMTP mail server on NT (I've used it with NTMail, IMail, and
> Exchange).
>
> In either configuration there is no reason to confuse things with "fake"
> domain names since each mail server is isolated from the other by your
> firewall.
>
> Mike Perdue
> WebMaster
> The Grizzard Agency - An MSGi Direct Company
>
>
>
> -----Original Message-----
> From: Dave Wilson [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 18, 2000 12:12 PM
> To: [EMAIL PROTECTED]
> Subject: [IMail Forum] Gateway through firewall to Exchange using ETRN -
> help
>
>
> Hi all,
>
> I'm having some difficulties in configuring an Imail server for a client.
> The set up at the client is as follows:
>
> Leased line connection recently installed;
> Gnat Firewall;
> Imail server outside firewall with public IP;
> Exchange server inside firewall (Private IP - 192....)
> NO internal DNS.
>
> Prior to having leased line, the client has been using their Exchange server
> for internal mail only and using one of our in-house Imail servers via the
> internet using a dial-up connection to another ISP.
>
> I thought it would be appropriate to configure their new Imail machine to
> store and forward all their mail to their internal Exchange Server using
> ETRN, but am stuck on a technicality. Basically, as their internal Exchange
> server doesn't use a FQDN, and is using an internal IP, I can't figure out
> how I am to write the MX records and host files to make this work.
>
> The exchange server has been set up to recognize a pseudo-domain e.g.
> innerdomain.com (not registered with Internic) and I have configured their
> Imail server as outerdomain.com (Fully registered and qualified domain).
>
> My current thinking is that maybe I should set up internal DNS for the
> client but not sure how to set this up correctly for this situation and also
> not sure if I'm close to the mark or going totally the wrong direction.
>
> Any help would be much appreciated.
>
> Dave
>
> Dave Wilson
> Internet Technology Manager,
> BizNet Solutions
>
> <Allaire Premier Partner>
> Co-Founder CFUG Ireland
> http://www.cfug.ie
>
> 224, Lisburn Road
> Belfast BT9 6GE
>
> Tel: 02890 225 776
> Fax: 02890 223 223
> web: http://www.biznet-solutions.com
>
> email: [EMAIL PROTECTED]
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>