> ...
> We need a _much_ better and clearer explanation.  I still think you're
> trying to explain your proposed solution to a problem when you haven't
> yet explained what the actual problem is.

Okay, let me try to start from the beginning. The
"normal" way mails are delivered to closed
networks like VPNs is through a firewall which is
acting as a relay. This relay forwards mails coming
from the internet to a server inside the VPN or vice
versa.

 
              FW A  -  VPN A with mailserver
           /               
 the       -  FW B  -  VPN B with mailserver
 internet  \                          
              FW C  -  VPN C with mailserver


The MX records in DNS point to the public firewall
interface and so on ... nothing special.

Now, what if customers B and C don't want to set up and
manage their mailserver on their own? They might have
mailboxes on an internet mail server (such as yahoo)
but that means that all their mail traffic would be
routed through the internet. Another opportunity would
be to let a provider set up a private mailserver being
part of the VPN. Instead of setting up a dedicated
mail host for each VPN the provider finally wants to
offer some kind of a virtual private mailserver. This
means one host which behaves like many separate
mailservers.


             FW A  -  VPN A  with mailserver
          /                          
the       -  FW B  -  VPN B  - PX B  - virtual private
internet  \                          /    mailserver
             FW C  -  VPN C  - PX C      



This means e.g. that a mail sent from [EMAIL PROTECTED]
to [EMAIL PROTECTED] should be delivered locally. If
[EMAIL PROTECTED] sends a mail to [EMAIL PROTECTED]
the mailserver should forward the mail through
firewall FW B to the internet. And finally, if
[EMAIL PROTECTED] sends a mail to [EMAIL PROTECTED] the
mail should again be at first routed through FW B to
the internet and then transferred through FW C to the
private mailserver of VPN C (which is actually the
same server as the private server of VPN B).

I know this looks pretty confusing at first sight.
However, the advantage is that one can make full use
of the firewall functionality of FW B and FW C (for
virus scans etc.). This would not be possible if the
server treats mail from one VPN to another as local.

Thanks for your patience
Peter
