Len Thank you for the suggestions. I tried the two IP addresses with the block in the PIX first but again the outbound traffic does not seem to source the IP address that is pined to the domain. This may be a windows 2000 problem or a setup problem with how IMail was original installed.
As for the IMGate Idea it looks like it only works with BSD plus they will not spring for more hardware. Wes -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Len Conrad Sent: Sunday, February 10, 2002 3:30 PM To: [EMAIL PROTECTED] Subject: Re: [IMail Forum] Two Domains diferent outbound requirementssame serve >Please Help! >I Have a customer that is trying to use the IMail product to control two >Corporate Domains with different requirements as to the outbound mail from >each of them. We need to limit one domain (dom1) to only send mail to >itself and the second domain (dom2). ok >Dom2 should have un-feathered outbound limits. Mr. Parrot, some people here think Imail is a turkey, but you don't have to worry about it sprouting feathers .... :)) < maybe, a couple of beauty marks aka warts ... > >This email server is on a >DMZ behind a Cisco PIX. Things I have tried are to add another NIC to the >server and route it through another DMZ on the PIX and then limit it via an >Access control list on the PIX. I did set the IMail server dom1 to this new >IP address. However the IMail server still seems to only use the first IP >address for all outbound traffic. It will use the ip assigned to the mail domain, as I discovered this week in the KB. You don't need two nics, just two ip's on the first nic. Assign an ip to each domain. at the pix, make a rule block out proto tcp/ip from ip.of.dom1 to any port 25 >Has anyone tried to set up these kind of dual outbound restrictions? yes, but not with Imail alone. This kind of stuff is trivial if you use an SMTP proxy like http://IMGate.MEIway.com. Even better, to protect your Imail server, you put would sacrificial goat IMGate in the DMZ as bastion mail host and Imail on the inside LAN. Compared to the several $1000 spent on the PIX, IMGate is free and provides much better security and full SMTP protocol suppport compared to PIX. btw, if you have roamers wanting to use Imail as SMTP AUTH relay, don't let PIX proxy SMTP for Imail. IMGate can also provide pop-before-smtp, avoiding fogging the pure air in the users' heads of the most technologically country on the planet with high-tech stuff like SMTP AUTH. :)) Len http://MenAndMice.com/DNS-training http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
