At 02:18 AM 12/31/2003 -0500, Gene Smith wrote:
Presently my users behind my bering-leaf f/w send mail using mozilla via my ISP's smtp server. However, this server is sometimes down for short periods and connection cannot be made. In that case, the user either retries the send later or saves the message as a draft and tries to send it later. (Mozilla does not seem to have a "guaranteed" delivery feature.)
Is a feasible solution to this to install qmail.lrp on my bering-leaf and let it take the place of the ISP's smtp server from the user's point of view? As I see it, qmail would just relay the messages on to the ISP's smtp server, but if connection to it can not be made, it would queue the messages for later retry.
Most of the discussion on the leaf mail list seems to be about receiving email with qmail and making user accounts. At this time I am only concerned with the sending process and my user's email address would remain [EMAIL PROTECTED] via the ISP's pop server.
Is qmail.lrp a good solution to the problem or is there a better way to fix it? If so, is there an easy way to configure qmail to do just this? In any case, I need to peruse the qmail docs in great detail tomorrow.
In principle, any full-strength MTA can be configured to do what you want. I don't use qmail myself, but with the MTA I do use, exim on Debian, the setup is trivially easy ... you just select the "smarthost relay" option and identify the ISP's relay as your smarthost. Since you are (I assume) already NAT'ing your LAN behind the LEAF firewall, mail going to this relay should look like it belongs to the mail that the relay will accept. The details of choosing this option in qmail aren't really firewall/routing issues, so if it is not obvious, you might get better help from a qmail mailing list on that part.
The actual firewall/router aspects of this setup are pretty straightforward -- it needs to ACCEPT connections from the LAN to its own tcp port 25, and it needs to ACCEPT connections from itself to the ISP's relay at tcp port 25.
Aside from the smarthost relay part, qmail itself should require no special configuration. Since the mail has a From: header that should (perhaps in conjunction with MX entries in your DNS) direct replies to the ISP's mail server, you don't really care what qmail thinks it is doing in the way of receiving mail, and you can safeguard the firewall/router by DENYing connections to its tcp port 25 from the external interface.
Your other option -- this is what I do here -- is to run an MTA on a separate internal host. This increases your choices of MTA, if you use a full-size Linux distro, and it might help if the router doesn't have a lot of filesystem space (RAMdisk, hard drive ... you don't say what it has) on which to queue unsent messages. It is probably not worth setting up a separate LAN server just for this, but if you have any Linux servers on the LAN already (perhaps a Samba-based file and print server), adding outgoing SMTP to one of them might be easier than adding it to the router ... and it should require no special reconfiguration of the router, since normal firewall/NAT settings will permit outgoing connections to tcp port 25.
Thanks for the info. Yes, I am NAT'ing behind the f/w.
I was sort of able to get qmail working but it uses a lot more of my ramdisk (only have 32Meg Ram) than I hoped. Also, it seems to fill up my log file partition which eventually gets full and renders the LEAF box unusable (must reboot with constant diskfull message on console). Not sure what to get rid of in qmail pkg since I only need minimal qmail functionality (just want to send to smarthost which works).
The documentation implied that daemontools was optional but it does not seem to be since qmail does not startup w/o it in package list.
I was able to do the sendmail smarthost by adding a file /var/qmail/control/smtproutes with my isp's email server as follows:
:smtp.chartertn.net
which does not seem to be supported on the lrcfg qmail menu.
However, every few minutes I see in /var/log/qmail/qmail that an internal message from [EMAIL PROTECTED] is sent to [EMAIL PROTECTED]. It is a local message that is being sent to the isp smarthost and is accepted. (Never changed the default domain names since I don't really have one.) However, it appears that mydomain.com resolves to a real ip address and it appears that qmail is attempting to connect to its port 25 but for some reason shorewall is rejecting the connection attempt even though I allow connections from the f/w to remote port 25. (There is a lot I don't understand about this!)
Modified /etc/init.d/qmail to not start the pop3d which I definitely don't need. That gets rid of a lot of processes. However, still seem to need qmail and smtpd started it appears.
Anyhow, I will keep looking at this some more. Suggestions or further help most welcomed!
-gene
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
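The send-only smarthost setup discussed in this thread can be checked from the firewall's shell. The script below is an added example, not part of the original messages or of the qmail/LEAF packages: the function name `audit_qmail_control` is hypothetical, the relay name `smtp.example.net` and the sample directory are constructed, and the control file names are the standard qmail ones.

```shell
#!/bin/sh
# Added example (not from the thread): audit a qmail control directory
# for the send-only smarthost setup discussed above.
audit_qmail_control() {
    ctl=$1
    findings=0

    # smtproutes format is domain:relay[:port]; an empty domain field
    # (":relay") sends all remote mail through that relay.
    if [ -f "$ctl/smtproutes" ] && grep -q '^:[^:]' "$ctl/smtproutes"; then
        echo "ok: all remote mail goes via $(grep '^:[^:]' "$ctl/smtproutes" | head -n 1 | cut -d: -f2)"
    else
        echo "WARN: no wildcard smtproutes entry; qmail-remote will contact MX hosts directly"
        findings=$((findings + 1))
    fi

    # Without rcpthosts, qmail-smtpd accepts any recipient domain from any
    # client, so the firewall rule on port 25 is the only relay protection.
    if [ ! -f "$ctl/rcpthosts" ]; then
        echo "WARN: rcpthosts missing; block tcp 25 on the external interface"
        findings=$((findings + 1))
    fi

    # Placeholder names left in the control files (the thread mentions
    # mydomain.com) put someone else's domain on locally generated mail.
    for f in me defaultdomain defaulthost plusdomain locals rcpthosts; do
        if [ -f "$ctl/$f" ] && grep -qi 'mydomain\.com' "$ctl/$f"; then
            echo "WARN: $f still contains placeholder mydomain.com"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample control directory, for demonstration only.
demo=$(mktemp -d)
echo ':smtp.example.net' > "$demo/smtproutes"   # constructed relay name
echo 'firewall.mydomain.com' > "$demo/me"
audit_qmail_control "$demo" || echo "findings: $?"
rm -rf "$demo"
```

On a real system the argument would be `/var/qmail/control`; the exit status is the number of warnings.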
