On Sun, Nov 07, 1999 at 11:25:12PM -0000, John R. Dunning wrote:
> Hi all. Parts of this have been discussed elsewhere, but I haven't
> seen anybody describing quite this setup. I'm reconfiguring a network
> to have a dedicated firewall machine, on which I want to run qmail.
> But, I don't want the firewall machine reaching in to the rest of the
> network to do delivery; I want it to turn around and forward any
> incoming mail to the "real" mail server on the internal network. I'd
> also like the reverse path for outgoing mail; the internal mail server
> forwards to the one on the firewall, which takes care of getting it
> out into the rest of the net.
>
> ---+      +----------+         +-----------+
>    |      | Firewall |         | Internal  |
> Net|----->|          |-------->|  Server   |
>    |      |  Qmail   |         |   Qmail   |
>    |<-----|          |<--------|           |
> ---+      +----------+         +-----------+
>
> If anyone can shed light on how to set this up, or point me at some
> docs, it would be greatly appreciated.

On the firewall, you need to list the domains for which you'd like to receive
mail in control/rcpthosts, but *not* in locals or virtualdomains. In
control/smtproutes, put:

  example.com:[IP address of internal server]
  anotherexample.com:[IP address of internal server]

etc., where the domains listed are the ones you listed in rcpthosts. You also
need to implement selective relaying on the firewall
(http://www.palomine.net/qmail/selectiverelay.html) so that the internal server
can relay through it.

Set up everything normally on the internal server, and put in control/smtproutes:

  :[IP address of firewall]

The internal server will forward to the firewall any mail not handled locally.

Chris
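
The firewall rules in the reply above (every rcpthosts domain has a control/smtproutes entry, and none appears in locals or virtualdomains) can be checked mechanically. The script below is an added example, not part of the original message; the function names and the 10.0.0.2 address are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint a firewall's qmail control directory against the reply's rules.
# Matching is literal and case-insensitive; wildcard entries are not expanded.

# has_key FILE DOMAIN: succeed if a line of FILE has DOMAIN as its first
# colon-separated field (covers locals, virtualdomains and smtproutes).
has_key() {
    [ -f "$1" ] && awk -F: -v d="$2" \
        'tolower($1) == tolower(d) { found = 1 } END { exit !found }' "$1"
}

# check_firewall_control DIR: print one line per problem, return 0 if clean.
check_firewall_control() {
    ctl=$1
    problems=0
    [ -f "$ctl/rcpthosts" ] || { echo "no rcpthosts in $ctl" >&2; return 2; }
    while IFS= read -r dom || [ -n "$dom" ]; do
        case $dom in ''|'#'*) continue ;; esac   # skip blank and # lines
        for f in locals virtualdomains; do
            if has_key "$ctl/$f" "$dom"; then
                echo "$dom: listed in $f, so the firewall would not forward it"
                problems=$((problems + 1))
            fi
        done
        if ! has_key "$ctl/smtproutes" "$dom"; then
            echo "$dom: in rcpthosts but has no smtproutes entry"
            problems=$((problems + 1))
        fi
    done < "$ctl/rcpthosts"
    [ "$problems" -eq 0 ]
}

# write_sample DIR: constructed control files following the reply's layout.
# 10.0.0.2 is a made-up address standing in for the internal server.
write_sample() {
    mkdir -p "$1"
    printf '%s\n' example.com anotherexample.com > "$1/rcpthosts"
    printf '%s\n' 'example.com:[10.0.0.2]' 'anotherexample.com:[10.0.0.2]' > "$1/smtproutes"
    : > "$1/locals"
}

# Run against a real directory when one is given: sh check.sh /var/qmail/control
if [ "$#" -gt 0 ]; then
    check_firewall_control "$1"
fi
```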