On Fri, Apr 27, 2001 at 09:48:52AM -0700, Julio Guillen wrote:
> Hi there, I hope someone can help me with this issue. My
> scenario is as follows:
> 
> Internet<->Mail Gateway<->Main Mail Server<->End Users

Set up a virtual domain on the "Mail Gateway" that is your real domain
(called example.com further on):

file: control/virtualdomains:
example.com:filter

create a qmail user account like:

file users/assign:
+filter-:<user>:<uid>:<gid>:/home/filter:-::
.

(please notice that a "." has to be alone on the last line, see man
qmail-users for more information on the structure of the file)

Run "qmail-newu".

Now 
    # mkdir /home/filter
    # chmod 711 /home/filter
    # chown <uid>:<gid> /home/filter
In that directory add files
   .qmail-<user>
for each  <user>@example.com  containing the line

&<user>@internal.example.com

where "internal.example.com" is the name of "Main Mail Server".

add one file  .qmail-default
containing the line

|/var/qmail/bin/bouncesaying "the rejection message sent back to senders"

this will bounce back eMails to all addresses <user>@example.com that
do not have a .qmail-<user> file in that directory.
The text is the error message that will be sent back along with the
message to the sender sending to a "blocked" user.
If you simply want the error message to be "no such user" you don't
need the .qmail-default file.

On "Main Mail Server" set up a qmail server that does the deliveries
as you like. Via tcpserver (see -x option) block all connections but
from IP addresses of your internal net and "Mail Gateway".

This setup should work as a "mail from the Internet" block, as you
wanted it to be.

For the outgoing block it is a bit harder and depends on local
infrastructure:
On your firewall, block port 25 for outgoing connections
originating from all local IPs but your "Mail Gateway".
On the Mail Gateway block all SMTP connections from local IP addresses
but from "Main Mail Server" and make the IP of "Main Mail Server" a
RELAYCLIENT (again, using tcpserver).
On "Main Mail Server" create a file

control/smtproutes and add one line:

:mailgate.example.com

which will forward all messages that are non local to the "Mail Gateway".

For the last step (allow certain users to send to the Internet) you need
two constraints:
- none of the other users has a login on "Main Mail Server"
- you can identify those "certain users" by IP address.

Allow relaying from the IP addresses of those certain users by making
them RELAYCLIENTs (again, via tcpserver).

----------

IMHO this setup should work, but maybe someone has a better/easier solution.

        \Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.
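One way to script the gateway side of this recipe, as an added example that is not from the original post. It assumes a constructed allowlist file of local-parts, internal.example.com as the "Main Mail Server" at 10.0.0.5, and 10.0.0.0/8 as the internal net:

```shell
#!/bin/sh
# Added example, not part of the original post: build the gateway side of
# the setup above. Assumptions: users allowed to receive Internet mail are
# listed one local-part per line in a file; "Main Mail Server" is
# internal.example.com at 10.0.0.5; the internal net is 10.0.0.0/8.
# Local-parts are assumed to be simple (no dots or uppercase), since qmail
# maps those to different .qmail file names.

# make_filter_dir DIR INTERNAL_HOST USERLIST
# For each listed user write .qmail-<user> containing "&<user>@INTERNAL_HOST"
# (forward), then a .qmail-default that bounces mail to everyone else.
# chown to the filter uid:gid is left to the caller, as in the post.
make_filter_dir() {
    dir=$1; internal=$2; userlist=$3
    mkdir -p "$dir"
    chmod 711 "$dir"
    while IFS= read -r user; do
        case $user in ''|'#'*) continue ;; esac   # skip blanks/comments
        printf '&%s@%s\n' "$user" "$internal" > "$dir/.qmail-$user"
    done < "$userlist"
    printf '|/var/qmail/bin/bouncesaying "%s"\n' \
        "This address does not accept mail from the Internet" \
        > "$dir/.qmail-default"
}

# gateway_tcp_rules MAINSERVER_IP INTERNAL_PREFIX
# tcprules input for the gateway's tcpserver -x: the internal server may
# relay, other internal hosts are refused, the Internet may deliver only
# (no RELAYCLIENT). tcpserver tries the full remote IP before dotted
# prefixes, so the exact-IP line wins over the prefix deny.
gateway_tcp_rules() {
    printf '%s:allow,RELAYCLIENT=""\n' "$1"
    printf '%s:deny\n' "$2"
    printf ':allow\n'
}

# Demonstration on a constructed user list in a temporary directory.
demo=$(mktemp -d)
printf 'alice\nbob\n# carol has no entry, so her mail is bounced\n' > "$demo/users"
make_filter_dir "$demo/filter" internal.example.com "$demo/users"
gateway_tcp_rules 10.0.0.5 10. > "$demo/tcp.smtp"
# On the real gateway the rules file is then compiled with:
#   tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp
ls -a "$demo/filter"; cat "$demo/tcp.smtp"
```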
