Hi, Varga R. Tamas wrote: :I set up TIS fwtk and in the docs found that smap is used as a wrapper :for mailing. My problem is that smap is installed on the firewall, but :in order to receive mail sendmail should also be installed on the same :machine which results in putting all users on the firewall. This is a :contradiction as no users should be on a firewall machine, right? : :What am I getting wrong?
The notion that you have to have your mail server on the firewall. At least the TIS Gauntlet (which I'm familiar with) lets you specify a mailhub for your mail domain - any incoming mail gets forwarded to it. If you don't want to rely on this, you'll have to set up a split DNS for your domain(s) with an NS serving your domains on the inside of the secure perimeter. The trick with split DNS is that the NSs on the outside (that everybody uses) give the firewall as MX for your domain(s). However, the firewall should be set up to resolve from the internal NS. Here you redeclare the domains you're running with the proper MX records to point at your mail server. Of course all of your machines inside the secure perimeter will have to use that NS, too. Let's make an example: your site is foo.org, and you've got a mail server (mail.foo.org) in your secure perimeter. gate.foo.org is the name of the external interface of the firewall. On the "public" NS you declare the zone foo.org containing a line "foo.org. IN MX 10 gate.foo.org". On the internal NS, you keep the same zone but with the line "foo.org. IN MX 10 mail.foo.org". So if I now want to send mail to Joe Bar ([EMAIL PROTECTED]), my sendmail grabs the MX info from your external NS records and uses gate.foo.org as a relay. Provided I haven't set up a mailhub there, the sendmail on the firewall then notices that this isn't a local address, and then in turn looks up the MX record on the internal NS and proceeds to relay the message to the proper machine. HTAYQ, -- Thomas Baetzler, [EMAIL PROTECTED], [EMAIL PROTECTED] <A HREF="http://www.fh-karlsruhe.de/~bath0011/>Visit my Homepage!</A> "The cowards never came, and the weaklings died on the way" - R.A.H. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
