From owner-freebsd-questions  Tue Nov 10 15:24:03 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id PAA04090
          for freebsd-questions-outgoing; Tue, 10 Nov 1998 15:24:03 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from enya.hilink.com.au (enya.hilink.com.au [203.8.14.116])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA03972;
          Tue, 10 Nov 1998 15:23:18 -0800 (PST)
          (envelope-from danny@enya.hilink.com.au)
Received: from localhost (danny@localhost)
	by enya.hilink.com.au (8.8.8/8.8.7) with SMTP id KAA14999;
	Wed, 11 Nov 1998 10:22:24 +1100 (EST)
	(envelope-from danny@enya.hilink.com.au)
Date: Wed, 11 Nov 1998 10:22:23 +1100 (EST)
From: "Daniel O'Callaghan" <danny@hilink.com.au>
To: Juergen Nickelsen <ni@tellique.de>
cc: Chad Thunberg <chadth@atvideo.com>, freebsd-security@FreeBSD.ORG,
        freebsd-questions@FreeBSD.ORG
Subject: Re: firewall + internal mail server
In-Reply-To: <362F773A.AB9F196B@tellique.de>
Message-ID: <Pine.BSF.3.96.981111101405.14930A-100000@enya.hilink.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG



On Thu, 22 Oct 1998, Juergen Nickelsen wrote:

> the external mail server, but it only forwards the mail to the
> internal mail server.(*) The firewall also acts as FTP and WWW server, 
> but since the mail resides only for seconds on it, the risk is
> minimized.
> 
>     As we are just a few people here yet, this is bearable, but for a
>     long-term solution I'll have to work out a sendmail configuration
>     where the mail exchanger for the domain delivers the mail to a
>     non-MX. I am sure there is a simple way, but I don't know it yet.

In this situation I use the TryNullMXList option, and declare
domain.com with the IP of the internal mail server, while the external
mail server has the highest priority MX.

TryNullMXList means "if I am the best MX for this domain, but don't handle
the domain myself, try the domain as a host, rather than generating local
config error".

Works a treat!

Danny


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message