Thom Paine wrote:
> The other issue we are having is that I need to run LDAP on that
> server for syncing address books to send email with. So not only do I
> need mail and LDAP, but I need ssl and authentication and
> certificates.

Those are all included - why not run them?

> I do have another box here that I had planned on using for the
> forwarding task, I suppose that I could set it up to accept mail and
> forward to the main server. The main server could still use the smtp
> smarthost as the outbound default mailer and go out the second
> server's connection?

Yes - the one thing to watch out for is the possibility of forwarding to addresses that don't really exist, especially if there is any chance that this server can get hit with spam or anything generated by viruses. In this case you'll accept the message and forward it on to another host that will have to generate a bounce message and try to return it, probably also to an undeliverable address. If you have LDAP in the picture you can probably use it as the 'local user' lookup before accepting. Otherwise you might use sendmail's virtuser table to map the legal address to the forwarder so you can quickly reject anything else. Or with MIMEDefang you can verify that the destination address will be accepted via SMTP before accepting for forwarding.

> I guess what I really need is a Cisco 515 router. I should have
> thought of that a while ago.....

They are nice to impress people who might ask if you have a firewall, but you can do pretty much the same things with iptables or access lists on your border routers.

--
Les Mikesell
lesmikesell at gmail.com
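
The virtuser table approach from the reply above, modelled in Python as an added example (not part of the original message and not sendmail's own code): legal addresses map to the forwarder, and a catch-all `error:` entry rejects everything else during the SMTP dialogue, so no bounce has to be generated later. The domain `example.com`, the host `mail.internal.example.com` and the function names are assumptions made for illustration.

```python
# Constructed sample virtusertable: legal addresses map to the main server,
# and the catch-all line rejects every other address in the domain.
VIRTUSERTABLE = """\
# address                 destination
thom@example.com          thom@mail.internal.example.com
sales@example.com         sales@mail.internal.example.com
@example.com              error:nouser 550 No such user here
"""

def parse_table(text):
    """Return {lowercased key: right-hand side} from virtusertable-style text."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, rhs = line.split(None, 1)
        table[key.lower()] = rhs.strip()
    return table

def rcpt_decision(rcpt, table):
    """Decide at RCPT TO time: (SMTP code, forward target or reject text)."""
    rcpt = rcpt.strip().strip("<>").lower()
    local, sep, domain = rcpt.rpartition("@")
    if not sep or not local or not domain:
        return 501, "Malformed address"
    # Exact address first, then the domain catch-all key "@domain".
    rhs = table.get(rcpt) or table.get("@" + domain)
    if rhs is None:
        return 550, "Relaying denied"  # domain is not handled here
    if rhs.startswith("error:"):
        # error:nouser 550 No such user here -> reject during the SMTP dialogue
        text = rhs.split(None, 1)[1] if " " in rhs else "User unknown"
        code, _, msg = text.partition(" ")
        return (int(code), msg) if code.isdigit() else (550, text)
    return 250, rhs  # accept and forward to the mapped address

if __name__ == "__main__":
    t = parse_table(VIRTUSERTABLE)
    for a in ("Thom@Example.com", "<x9f3k@example.com>", "bob@other.test"):
        print(a, "->", rcpt_decision(a, t))
```

Because the rejection happens at RCPT TO, the sending host keeps responsibility for the message and the forwarder never queues mail it cannot deliver.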