I do something similar, just not with Exchange.
With this system you're leaving the door open if h...@help.domain.com
ever gets accidentally released into the wild. I've been very careful so
far and this hasn't been an issue.
We talked about implementing iptables rules on the RT box that would
limit which machines it can receive email from in order to prevent
people from using h...@help.domain.com and instead using h...@domain.com
so mail goes through the proper path. We haven't done it though, and so
far keeping h...@help.domain.com as a secret all has been well.
On 12/13/10 7:11 PM, Jason Knight wrote:
Just thought I’d throw this tip out there if you are running Exchange
in your environment. I have RT configured on my CentOS 5.5 box,
help.domain.com. My /etc/alias file uses h...@help.domain.com
mailto:h...@help.domain.com for incoming requests into my main
helpdesk queue. What I’ve done with Exchange, that hosts for
domain.com, is to create the email h...@domain.com
mailto:h...@domain.com, and a contact for h...@help.domain.com
mailto:h...@help.domain.com. The newly created Exchange mailbox,
h...@domain.com mailto:h...@domain.com forwards to
h...@help.domain.com mailto:h...@help.domain.com. What this allows
me to do is use delivery restrictions on the Exchange account to limit
the help desk to authenticated users only, thus blocking outside
requests. I know RT has it’s own mechanism to do this, but this
allows me to open it up easily if I need to, and I can use LDAP
authentication alongside local users in RT.
__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
__
--
John Arends
jare...@illinois.edu
Network Analyst
College of ACES ITCS
University of Illinois at Urbana-Champaign
