
Re: firewall and zmailer forwarder problem




I am going through my mailbox for various Zmailer topics to make a condensed
release as soon as possible -- preferably last summer, but ...


Following is speculation on how to possibly do this.  I didn't actually
code and test this...


> We have the following setup here and I need some help..
> 
> 
>  Internet <-> Firewall <-> mailhost.aec.ca
>               (pandora)    (sol)
> 
> 
>   sol (the mailhost) is running zmailer and can route all mail internally
> without any problems.. (except our msmail gateway had some initial problems..)
> 
>  However when someone sends mail to an outside host, I get the following:
> SMTP: Connecting to host: ita.lgc.com
>  getmxrr(ita.lgc.com) rc=0, mxh[0].host=lgc.lgc.com (host=ita.lgc.com)
> 500 (connect to lgc.lgc.com [134.132.1.2]: Network is unreachable)
> smtp ita.lgc.com tpaquett@ita.lgc.com 803: deferred 500 (connect to lgc.lgc.com [134.132.1.2]: Network is unreachable)
> 
>  How can I tell zmailer to send to pandora first, as this is the machine that
> must actually send the file to the internet.
> 
>  I have SMARTHOST set to pandora.aec.ca in zmailer.conf, but that does not seem to work..
> 
>  Any ideas?


	There is no way (aside from a DNS "world-hack") to define that
	"*.my.domain" is in my local DNS handling and the rest shall go
	to MAILGATEWAY/SMARTHOST..

	Umm.. A double-tier hack would be to define a static route:
	($MAILSHARE/db/routes)
		.my.domain	dns!
		.other.domain	dns!

	and then define a rule for it in $MAILSHARE/cf/rrouter.cf's
	router_spec() which does:

		dns!
		    sift "$address" in
			(.*)<@(.+)>(.*)
				# \2 is the domain part: ask the local DNS for it
				tmp=$(smtp_neighbour "\2" "$address" $A) &&
					return $tmp
				# Tough, failed..
				return ((($UNRESOLVABLEACTION "$address" $A)))
			;;
		    tfis
		    ;;

	That way the local addresses can be resolved via DNS and the rest will
	be thrown to the $SMARTHOST..
	There is a complication, though..  Earlier in rrouter.cf there is
	a usage of the $protocols value, which is used to select the protocols in use.
	As it happens, that same value is used for their initialization, and
	thus in the system  $MAILSHARE/router.cf  there needs to be explicitly:
		. i-smtp.cf
		. p-smtp.cf
	AFTER the current "method initializer".
	(And the protocols entry is to be:  protocols='routes')


>  Is it also possible to setup pandora.aec.ca to act as a passthrough mailhost?
> Meaning:
> 
>   Anymail being sent to it will connect to mailhost.aec.ca for mail in aec.ca,
>   try MX records for all other mail, if the MX fails, send to a smarter site
>   to handle the message.

	On the pandora:

	$MAILSHARE/db/routes:  .aec.ca	smtp!mailhost.aec.ca
	(Inbound is easy, outbound isn't..)

	Currently the DEFERRED/HOLD processing may not satisfy your wish
	to use some external system as a fallback when lookups fail.
	( -> message goes to hold-queue )
	I don't see any easy way out of it, and only the truly unknown
	addresses (foobar@foobar) would go to the SMARTHOST in the first
	place.

	I would not let that happen, so IMO if the pandora has global
	connectivity, it is better for it to be the smart-host itself.  Thus
	a mis-addressed piece of potentially sensitive email would not
	go to some outside system.

>  Trev

	/Matti Aarnio	<mea@utu.fi> <mea@nic.funet.fi>
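A small model of the two-tier routing policy sketched in this reply, added here as an example; it is not zmailer's router code nor Matti's. SOL_ROUTES, PANDORA_ROUTES, the two DNS dicts and the functions lookup_route() and route() are all constructed stand-ins; they show how the static routes file picks between local DNS, a fixed relay and $SMARTHOST, and why an unresolvable name is held locally instead of being handed to an outside system.

```python
# Constructed stand-in for $MAILSHARE/db/routes on sol (the internal mailhost):
# the longest matching domain suffix wins; anything unmatched goes to $SMARTHOST.
SOL_ROUTES = {".aec.ca": "dns!", ".other.domain": "dns!"}
# ... and on pandora (the firewall), which relays inbound aec.ca mail to sol.
PANDORA_ROUTES = {".aec.ca": "smtp!mailhost.aec.ca"}

# Constructed stand-in for what getmxrr() sees from each host's DNS view.
INTERNAL_DNS = {"mailhost.aec.ca": "mailhost.aec.ca", "sol.aec.ca": "mailhost.aec.ca"}
GLOBAL_DNS = {**INTERNAL_DNS, "ita.lgc.com": "lgc.lgc.com"}


def lookup_route(domain, routes):
    """Routes-db value for the longest suffix matching `domain`, or None."""
    best = None
    for suffix, method in routes.items():
        if domain == suffix.lstrip(".") or domain.endswith(suffix):
            if best is None or len(suffix) > len(best[0]):
                best = (suffix, method)
    return best[1] if best else None


def route(address, routes, dns, smarthost=None):
    """Where a message for `address` goes: ('smtp', host) or ('hold', why).

    smarthost=None models a host with global connectivity that is the
    smart host itself, so unmatched domains are resolved from `dns`.
    """
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        return ("hold", "malformed address")
    domain = domain.lower()
    method = lookup_route(domain, routes)
    if method is None and smarthost:
        # No static route on an inside host: throw it at the smart host.
        return ("smtp", smarthost)
    if method and method.startswith("smtp!"):
        # Fixed relay, e.g. pandora handing aec.ca mail to mailhost.
        return ("smtp", method[len("smtp!"):])
    if method in (None, "dns!"):
        mx = dns.get(domain)
        if mx:
            return ("smtp", mx)
        # $UNRESOLVABLEACTION: a name our DNS cannot resolve is held here,
        # not passed to an outside relay, which is the leak warned about above.
        return ("hold", "no MX for %s" % domain)
    return ("hold", "unknown route method %r" % method)
```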