Thank you for all the replies. Eric, you are right. The toaster is seeing
my internal localhost sendmail session as coming from the public nat ip.

My next question is, am I adding the tcp.smtp settings you mentioned to be
able to use mail.company.com from my internal app behind nat to send mail
through the mail.company.com instead of the localhost sendmail?

Basically with allow and relayclient settings in tcp.smtp my internal app
behind nat should be able to send email through the external toaster
without authenticating?

I think I want to do that, but would it be more secure being able to
authenticate from the internal php app to mail.company.com through a
specific account without any tcp.smtp settings?

> What JP says would certainly help.
>
> Given what you *have* said though, and making a few presumptions, I might
> have a fix for you. Since your internal machines are being nat'd, I'm
> thinking that the smtp sessions for these will appear to the toaster to be
> coming from the external address of the natting device.
>
> Simply add that address (the external address of your natting device) to
> /etc/tcprules.d/tcp.smtp file like so:
> external.address.of.nat:allow,RELAYCLIENT=""
> Regenerate your cdb file:
> # qmailctl cdb
> and you should be good to go.
>
> Note, this solution is a tad bit insecure. If someone were able to spoof
> this address (while unlikely it *is* possible), they could use your toaster
> as an open relay. Not much of an issue if it's a private address, somewhat
> more so if it's public. The best solution, while not as easy but more
> secure, would be to configure the sendmail clients to authenticate
> themselves.
>
> Jean-Paul van de Plasse wrote:
>> Hi,
>>
>> Any messages in the logfiles (on both qmailtoaster server and
>> development machines)?
>> What do you get when you telnet from the development machine to the
>> qmailtoaster on port 25 and type something like
>> helo
>> mail from:[EMAIL PROTECTED]
>> rcpt to:[EMAIL PROTECTED]
>> data
>> subject: test
>> test
>> .
>>
>> Simply said, more info is needed to solve this for you.
>>
>> Regards,
>>
>> JP
>>
>> ----- Original Message ----- From: <[EMAIL PROTECTED]>
>> To: <qmailtoaster-list@qmailtoaster.com>
>> Sent: Wednesday, January 17, 2007 8:29 PM
>> Subject: [qmailtoaster] Re: Accepting mail from local mail servers
>>
>>
>>> Hi,
>>>
>>> I am not sure what the problem is and how to resolve it. I am hosting my
>>> company qmailtoaster server in the datacenter on an external ip, I also
>>> have some development machines inside the company behind the nat on
>>> internal ips.
>>>
>>> When an internal application sends email out to [EMAIL PROTECTED] using
>>> sendmail on localhost, I am not getting that email at [EMAIL PROTECTED]
>>>
>>> I am pretty sure qmail rejects these emails because they come from a
>>> mailserver behind nat which doesn't resolve to anything.
>>>
>>> What do I need to configure on qmailtoaster so I can allow my development
>>> machines to send me email to [EMAIL PROTECTED] Is there a setting where I
>>> can just specify my company external ip to allow all the mail from my
>>> internal subnet without being rejected?
>>>
>>> Thank you
>>>
>
>
> --
> -Eric 'shubes'
>
> ---------------------------------------------------------------------
>      QmailToaster hosted by: VR Hosted <http://www.vr.org>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
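Added example, not part of the original thread or of qmailtoaster: a small audit of a tcp.smtp rules file that lists every rule granting RELAYCLIENT and rates how exposed it is, which is the trade-off discussed above between an address-based relay rule and authenticated submission. The sample rules, the placeholder address 203.0.113.10 and the function names are assumptions; only plain IPv4 addresses, dotted prefixes and the empty default rule are classified.

```python
import ipaddress

# Constructed sample; 203.0.113.10 is a placeholder for the NAT's external address.
SAMPLE = '''\
# constructed example rules
127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
203.0.113.10:allow,RELAYCLIENT=""
:allow,RELAYCLIENT=""
198.51.100.7:deny
'''

# Loopback and RFC 1918 ranges: not routable from the Internet.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def to_network(addr):
    """Map a tcprules IPv4 address or dotted prefix ("192.168.1.") to a network."""
    octets = [o for o in addr.split(".") if o]
    if not 1 <= len(octets) <= 4 or not all(o.isdecimal() and int(o) < 256 for o in octets):
        return None  # hostname rules, ranges, user@ forms: not classified here
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(padded) + "/%d" % (8 * len(octets)))

def audit(text):
    """Return (address, risk) for every rule that grants RELAYCLIENT."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        addr, instr = line.split(":", 1)
        parts = instr.split(",")
        if parts[0] != "allow" or not any(p.startswith("RELAYCLIENT=") for p in parts[1:]):
            continue
        net = to_network(addr)
        if addr == "":
            risk = "open-relay"   # default rule: every client may relay
        elif net is None:
            risk = "review"       # address form this sketch does not classify
        elif any(net.subnet_of(n) for n in INTERNAL):
            risk = "internal"
        else:
            risk = "public"       # any sender using this address relays unauthenticated
        findings.append((addr, risk))
    return findings

if __name__ == "__main__":
    for addr, risk in audit(SAMPLE):
        print("%-16s %s" % (addr or "(default)", risk))
```

A "public" finding corresponds to the rule suggested in the thread: it works, but every host behind that NAT address can relay without credentials, which is why authenticated submission is the tighter option.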

