[CentOS] Port Forwarding

Mon Feb 2 15:30:39 UTC 2009
Thom Paine <painethom at gmail.com>

The other issue we are having is that I need to run LDAP on that
server for syncing address books to send email with. So not only do I
need mail and LDAP, but I need ssl and authentication and
certificates.

I do have another box here that I had planned on using for the
forwarding taks, I suppose that I could set it up to accept mail and
forward to the main server. The main server could still use the smtp
smarthost as the outbound default mailer and go out the second
server's connection?

I guess what I really need is a Cisco 515 router. I should have
thought of that a while ago.....

On Sat, Jan 31, 2009 at 2:25 PM, John <jses27 at gmail.com> wrote:
>> -----Original Message-----
>> From: centos-bounces at centos.org
>> [mailto:centos-bounces at centos.org] On Behalf Of Les Mikesell
>> Sent: Saturday, January 31, 2009 12:57 PM
>> To: CentOS mailing list
>> Subject: Re: [CentOS] Port Forwarding
>>
>> Thom Paine wrote:
>> >
>> > It doesn't necessarily make sense. This entire project doesn't make
>> > sense. The issue is that we are sending confidential patient records
>> > through a private network.
>> >
>> > Instead of using something like PKI encryption (like I use at the
>> > police station where I also work), this business model decided that
>> > all mail should be sent out their private network. Then
>> they can check
>> > if the receiver should be receiving email in the first place. They
>> > originally wanted to take control of my mail server, and I
>> would pick
>> > mail up from them for all my users and I said no to that. We are
>> > retaining control of our network, and mail server and relaying all
>> > outbound mail out this new connection. Incoming mail will
>> transfer as
>> > normal from all sources except from this private network which could
>> > have confidential patient records, and it needs to come in this new
>> > connection from an authenticated mail server to my box.
>>
>> If this is just for mail, why not run another instance of sendmail to
>> accept and forward between connections so you get logging and
>> a little
>> more control of what is forwarded?  If you want fairly
>> complete control
>> you can run something like MimeDefang as a milter and examine
>> it any way
>> you want before accepting.  You could run this instance on a
>> different
>> host or bind it to a different IP address and/or port and perhaps
>> require an ssl connection with authentication to connect.
> -----
> At one facility I work at we have two Exchange servers. One of them is on
> site and the other is remote hosted.
> On site mail server accepts ssl and authenticated connections from subnet A
> and B (two separate facilities). Actually subnet B is wireless then forwards
> smtp to remote server. Both servers sync with smtp and POP3. Basically the
> onsite server is a exchange archive server.
>
> Your better off setting up another sendmail server for fowarding and
> connection handling than going through you Elbow to get to your A$$ if you
> get what I mean. I tried that route your trying to do.
>
> The reason why they give you only info on Exchange is because it is more
> reconized in healthcare settings than an open source mail server. Novell
> would be next up on the list. "OpenVistA" is the only known Open Source
> server application that is widely accepted in the health care community and
> that you can have "Certified".
>
> JohnStanley
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
-=/>Thom