On the bastion host edit your macro configuration file to include a mailertable entry:
FEATURE(mailertable, `hash -o /etc/mail/mailertable')dnl
and then add the following to /etc/mail/mailertable:
mydomain.com SMTP:[xxx.xxx.xxx.xxx]
(where xxx.xxx.xxx.xxx is the IP address of the desired internal host)
Then run the command makemap hash /etc/mail/mailertable.db < /etc/mail/mailertable
In the /etc/mail/access file of the bastion host, add a line which explicitly allows relay from the internal mail host. Then, using the internal network address (e.g. 192.168.1.0, written in the access file as the prefix 192.168.1 because IPv4 keys are matched on octet boundaries), add a 550 rejection message so that none of your internal hosts can relay directly through the bastion host. Something like this would work:
internal.domain.com RELAY
192.168.1 550 Use internal.domain.com as your SMTP host!
In the macro configuration file on the internal host, add a line like this:
define(`SMART_HOST',`bastion.domain.com')dnl
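Add the internal network address to the /etc/mail/access file on the internal mail host so that the clients will be explicitly authorized to relay through it. The key is the network prefix on an octet boundary (192.168.1 for the network 192.168.1.0), since a full four-octet key matches only that single address. This should work fine:
192.168.1 RELAY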
The result will be that inbound mail to domain.com is routed directly to the internal host using the mailertable entry, and all outbound mail from the internal host is relayed through the bastion host, while SMTP attempts made directly from the clients through the bastion host are rejected.
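The access entries for both hosts can be checked against a simplified model of how sendmail resolves a connecting client in the access map. This is an added example, not part of the original FAQ or sendmail's own code; it assumes the client host name is tried before the address and that addresses are shortened on octet boundaries, and the client names and addresses are constructed.

```python
# Added example: simplified model of sendmail's access-map lookup for a
# connecting client. Host names and addresses below are constructed samples.

BASTION_ACCESS = {
    "internal.domain.com": "RELAY",
    "192.168.1": "550 Use internal.domain.com as your SMTP host!",
}
INTERNAL_ACCESS = {"192.168.1": "RELAY"}


def candidate_keys(client_ip, client_name=None):
    """Return lookup keys in the order this model tries them."""
    keys = []
    if client_name:
        labels = client_name.lower().rstrip(".").split(".")
        # Host name first, then each parent domain.
        keys += [".".join(labels[i:]) for i in range(len(labels))]
    octets = client_ip.split(".")
    # Full address, then shorter prefixes cut on octet boundaries.
    keys += [".".join(octets[:n]) for n in range(len(octets), 0, -1)]
    return keys


def access_lookup(table, client_ip, client_name=None):
    """Return (matched_key, action) for the first hit, or (None, None)."""
    for key in candidate_keys(client_ip, client_name):
        if key in table:
            return key, table[key]
    return None, None


def describe(table, client_ip, client_name=None):
    """Format the lookup result for printing."""
    key, action = access_lookup(table, client_ip, client_name)
    if action is None:
        return "no entry (default relay policy applies)"
    return f"{action}  [matched {key}]"


if __name__ == "__main__":
    # Constructed clients: the internal mail host and one desktop.
    print("bastion, mail host:", describe(BASTION_ACCESS, "192.168.1.10", "internal.domain.com"))
    print("bastion, desktop:  ", describe(BASTION_ACCESS, "192.168.1.25", "pc25.domain.com"))
    print("internal, desktop: ", describe(INTERNAL_ACCESS, "192.168.1.25", "pc25.domain.com"))
    # A key written as a full address only matches that one address.
    print("full-address key:  ", describe({"192.168.1.0": "RELAY"}, "192.168.1.25"))
```

The host-name match for the internal mail host only applies when the bastion can resolve that client's address back to internal.domain.com, so reverse DNS for the internal host has to be in place.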