Peter Marenbach <[EMAIL PROTECTED]> wrote:
> > ...  We need a _much_ better and clearer explanation.  I still think
> > you're trying to explain your proposed solution to a problem when
> > you haven't yet explained what the actual problem is.
[...] 
> 
>              FW A  -  VPN A  with mailserver
>           /                          
> the       -  FW B  -  VPN B  - PX B  - virtual private
> internet  \                          /    mailserver
>              FW C  -  VPN C  - PX C      
 
> This means e.g. that a mail sent from [EMAIL PROTECTED] to
> [EMAIL PROTECTED] should be delivered locally. If [EMAIL PROTECTED] sends a
> mail to [EMAIL PROTECTED] the mailserver should forward the mail
> through firewall FW B to the internet.

Okay, this is a much clearer explanation.  Everything you've said so far
is easy to do with qmail, virtualdomains, and whatnot.

> And finally, if [EMAIL PROTECTED] sends a mail to [EMAIL PROTECTED] the
> mail should again be at first routed through FW B to the internet and
> then transferred through FW C to the private mailserver of VPN C (which
> is actually the same server as the private server of VPN B).

This is the problem.  I don't think there's an easy way to do this.

You want several domains to be handled by qmail; the normal way to do
this is to make them all virtualdomains.  Often, you'll use a virtual
domain manager package (such as vmailmgr) to provide POP/IMAP access to
these virtual domains, along with management services.

But when you send mail "from" one of these domains (i.e. it ends up
injected into the local queue), to another virtual domain on the same
box, qmail "knows" it also handles the second domain.  It will then
deliver directly to that domain.  Making qmail deliver via SMTP to
another machine is problematic -- the other machine turns around and
sends it back, but now you want qmail to handle the domain locally, not
handing it off to the firewall again.

> I know this looks pretty confusing at first sight.  However, the
> advantage is that one can make full use of the firewall functionality
> of FW B and FW C (for virus scans etc.). This would not be possible if
> the server treats mail from one VPN to another as local.

I really don't think it can be done -- at least not easily.  Your
description involves sometimes treating a domain as local, and sometimes
treating it as remote -- but there's no way for qmail to distinguish
between the two.

Charles
-- 
-----------------------------------------------------------------------
Charles Cazabon                            <[EMAIL PROTECTED]>
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
-----------------------------------------------------------------------
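
Added example (not part of the original message, and not qmail code): a simplified Python model of the lookup order qmail applies to control/locals, control/virtualdomains and control/smtproutes. It shows that the envelope sender is never consulted, so a given recipient is either always local or always remote. The domain names, prepend values and the trace helper are constructed for illustration, and the model assumes the firewall hands returned mail back to this same server.

```python
# Simplified model of qmail's routing decision (constructed data throughout).
# Order: control/locals, then control/virtualdomains; anything else is remote
# and the relay is looked up in control/smtproutes.

def suffix_keys(domain):
    """Keys tried for a domain: exact, then '.suffix' wildcards, then catch-all ''."""
    parts = domain.split(".")
    return [domain] + ["." + ".".join(parts[i:]) for i in range(1, len(parts))] + [""]

def lookup(table, keys):
    """First key present wins, even if its value is empty (an exception entry)."""
    for key in keys:
        if key in table:
            return table[key]
    return None

def route(recipient, locals_, virtualdomains, smtproutes):
    """Return ('local', mailbox) or ('remote', relay). The sender is not an input."""
    user, _, domain = recipient.lower().rpartition("@")
    if domain in locals_:
        return ("local", user)
    prepend = lookup(virtualdomains, [f"{user}@{domain}"] + suffix_keys(domain))
    if prepend:  # an empty prepend means "not virtual": fall through to remote
        return ("local", f"{prepend}-{user}")
    return ("remote", lookup(smtproutes, suffix_keys(domain)) or "MX lookup")

LOCALS = set()
# Usual setup: both VPN domains are virtual domains on the shared server.
VDOMS = {"vpn-b.example": "vpnb", "vpn-c.example": "vpnc"}
# Attempt to force VPN C mail out through FW B: drop it from virtualdomains
# and add an smtproutes entry pointing at the firewall.
FORCED_OUT_VDOMS = {"vpn-b.example": "vpnb"}
FORCED_OUT_ROUTES = {"vpn-c.example": "fw-b.example"}

def trace(rcpt, virtualdomains, smtproutes, max_hops=5):
    """Follow one message, assuming the firewall returns it to this server."""
    path = []
    for _ in range(max_hops):
        kind, target = route(rcpt, LOCALS, virtualdomains, smtproutes)
        path.append(f"{kind}:{target}")
        if kind == "local":
            break
    return path

if __name__ == "__main__":
    # Delivered locally at once: the message never crosses FW B or FW C.
    print(trace("carol@vpn-c.example", VDOMS, {}))
    # Sent to the firewall, comes back, is sent out again: never delivered.
    print(trace("carol@vpn-c.example", FORCED_OUT_VDOMS, FORCED_OUT_ROUTES))
```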
