I was wondering how to go about setting up a mail server that is behind a firewall…
We have an MS Exchange server to accept mail on mydomain.com (mail.mydomain.com) accessible outside of our network.
We also have our Linux server to accept mail on linux.mydomain.com (firewall severely restricts this server).
Is it possible to send mail from outside the firewall to firstname.lastname@example.org? We can pretend for a second that the main server (MS Exchange) is a postfix server. How would it be done in this situation? Would I use virtual domains? I would imagine that any ideas that would apply to the postfix MTA can also apply to Exchange.
Is the only way to do this to open the firewall to port 25? I would assume I can make an MX record to point linux.mydomain.com at mail.mydomain.com and maybe “massage” it from there.
Just to clarify I would like any mail destined for email@example.com to be routed through mail.mydomain.com and transferred over (since mail.mydomain.com will be able to communicate to the internal linux server).
Any suggestions would be greatly appreciated.
This is really an Exchange issue. You have to get it to accept mail for the new domain and to forward it to your Linux machine, which should be configured to accept mail from the LAN and also for that domain. I don’t know how it’s done for Exchange. I assume it’s possible.
I understand it may be an Exchange issue, but in my quest for knowledge, I was wondering how it would be implemented if mail.mydomain.com was a Linux machine running postfix.
You add linux.mydomain.com to relay_domains and you also specify
relay_transport = hash:/etc/postfix/relay-transport
You have to hash the file using postmap to create /etc/postfix/relay-transport.db which is what is actually read. If you add this map to /etc/sysconfig/postfix POSTFIX_MAP_LIST, it gets done automatically after each YaST configure. This is assuming you haven’t taken control of main.cf yourself.
This assumes that linux.mydomain.com is a valid domain name that resolves to the internal IP address of that machine. If not, substitute the IP address in the brackets.
And of course on linux.mydomain.com you have to accept mail for that domain.
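A sketch of the gateway-relay setup discussed above, added here as an example and not posted by anyone in the thread. It uses transport_maps, the Postfix parameter that reads a lookup table (relay_transport takes a single transport:nexthop value). The recipient address, the relay-recipients file name and the 10.0.0.25 address are constructed placeholders.

```conf
# --- Gateway (mail.mydomain.com): /etc/postfix/main.cf ---
# Relay only for the internal host's domain. Do not also list it in
# mydestination, and do not widen mynetworks: the gateway must not
# become an open relay.
relay_domains = linux.mydomain.com
# The per-domain next hop is read from a lookup table.
transport_maps = hash:/etc/postfix/relay-transport
# Reject unknown recipients at the gateway during the SMTP session,
# so it never accepts mail it must later bounce (limits backscatter).
relay_recipient_maps = hash:/etc/postfix/relay-recipients

# --- Gateway: /etc/postfix/relay-transport ---
# Square brackets suppress the MX lookup, so delivery goes straight to
# the internal host. Without them Postfix would follow the public MX
# record for linux.mydomain.com back to the gateway and loop.
linux.mydomain.com    smtp:[linux.mydomain.com]
# If the name does not resolve to the internal address, use the IP
# (constructed value):
# linux.mydomain.com  smtp:[10.0.0.25]

# --- Gateway: /etc/postfix/relay-recipients ---
# One line per valid mailbox on the internal host (constructed sample).
user@linux.mydomain.com    OK

# Build the .db files and reload, on the gateway:
#   postmap /etc/postfix/relay-transport
#   postmap /etc/postfix/relay-recipients
#   postfix reload

# --- Internal host (linux.mydomain.com): /etc/postfix/main.cf ---
# Accept mail addressed to its own domain.
mydestination = linux.mydomain.com, localhost
# Trust only itself. The gateway delivers as an ordinary SMTP client
# and needs no relay rights here.
mynetworks = 127.0.0.0/8
# Firewall: allow inbound TCP 25 to this host from the gateway's
# internal address only. Port 25 stays closed to the outside.
```

With this layout the public MX record for linux.mydomain.com points at mail.mydomain.com, and the only SMTP path to the internal host is from the gateway across the LAN.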
Thanks ken_yap, that is exactly what I was looking for.