Date:      Wed, 2 Jan 2002 17:41:19 -0500 (EST)
From:      Scott Nolde <scott@smnolde.com>
To:        Joel Dinel <dinjo@touchtunes.com>
Cc:        <freebsd-questions@FreeBSD.ORG>
Subject:   Re: Mail server scenario
Message-ID:  <20020102172214.D910-100000@bsd.smnolde.com>
In-Reply-To: <20020102144804.A364@sunder.touchtunes.com>

smacked into the keyboard previously by owner-freebsd-questions@FreeBSD.ORG:

 >Date: Wed, 2 Jan 2002 14:48:04 -0500
 >From: Joel Dinel <dinjo@touchtunes.com>
 >To: freebsd-questions@FreeBSD.ORG
 >Subject: Mail server scenario
 >
 >This one's probably aimed at the experienced mail admin out there. This
 >is not strictly FreeBSD-related, but since a lot of intelligent people
 >read/post here (yes, I am kissing major ass!) I'm sure I'll get a
 >solution by the end of the week.
 >
 ><Deep breath>
 >
 >I need to setup a (new) mail server for a small LAN. This particular
 >setup is a bit complicated, because a lot of the users travel, and use
 >different ISP accounts depending on where they are (Europe, Asia, US).
 >Right now, the mail server to be replaced is running sendmail on Linux,
 >with open relays (yes, I know). I'm planning on migrating it to FreeBSD,
 >running Postfix. I chose Postfix because I know it, and it's simple to
 >configure/maintain. Obviously, I don't want this new server to openly
 >relay everything. It'll relay for the lan (192.168.), and for travelling
 >users.
 >
 >The big picture here is that I don't know the IP of the "roaming" user X
 >in advance. I'd need to be able to pick up a laptop, head to China, get
 >a local ISP account and send mail through this particular mail server.
 >The clients that do so all run Win98/Win2k/WinNT.
 >
 >The mail server is behind a firewall, that also acts as a VPN gateway.
 >The VPN client software that we use is Win32 based. So far, I thought
 >about a possible use of the VPN client to get the mail, but connections
 >still appear as outside, routable IPs to the mail server. I've also got
 >the whole "smtp through a SSH tunnel" thing in my head, but I don't have
 >enough experience with that scenario to know if it will solve my
 >problem.
 >
 >Any suggestions are welcomed.
 >
 >Thanks in advance,
 >
 >--
 >Joel Dinel
 >GnuPG key : http://darkhost.mine.nu:81/~joel/mykey.asc
 >

Well, OpenSSH port forwarding comes to mind.  If a small license for
SecureCRT for each of your users or a little Cygwin install with OpenSSH
for the users doesn't bother you, it's a great little VPN.

Have each user open a ssh connection to the firewall which forwards the
connection to the mail server.  All the smtp connections will appear as if
they originate inside the network.

Another option is to use SSL/TLS where the mail server accepts from
clients with a certificate.  Pass the SYN packet of the SMTP session to
the mail server and let the mail server advertise TLS only to your
clients and the client will take it from there.

Scott Nolde
GPG Key 0xD869AB48
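
Added example (not part of Scott Nolde's message): a Postfix main.cf fragment showing the relay policy for both options described above, next to the open-relay setting it replaces. It assumes a Postfix release with built-in TLS and smtpd_relay_restrictions (2.10 or later); the hostnames, the 192.168.0.0/16 LAN range and the file paths are placeholders.

```conf
# /etc/postfix/main.cf -- added example; hostnames, addresses and paths
# are placeholders, not values from the original thread.

# Weak setting (the open relay being replaced): trusting every address
# makes permit_mynetworks match any client on the Internet.
#mynetworks = 0.0.0.0/0

# Option 1: SSH port forwarding.
# The roaming client runs, for example:
#   ssh -N -L 2525:mail.lan.example:25 user@firewall.example
# and points its mail program at localhost:2525. The firewall's sshd
# opens the SMTP connection, so Postfix sees the firewall's inside
# address and trusting only the LAN is enough.
mynetworks = 127.0.0.0/8, 192.168.0.0/16

# Option 2: TLS with client certificates.
# STARTTLS is offered, a client certificate is requested, and only
# certificates whose fingerprints are listed may relay.
smtpd_tls_security_level = may
smtpd_tls_cert_file = /usr/local/etc/postfix/tls/server.pem
smtpd_tls_key_file = /usr/local/etc/postfix/tls/server.key
smtpd_tls_CAfile = /usr/local/etc/postfix/tls/ca.pem
smtpd_tls_ask_ccert = yes
smtpd_tls_fingerprint_digest = sha256
# One line per laptop certificate: "<fingerprint> <label>".
# Run postmap on the file after every edit.
relay_clientcerts = hash:/usr/local/etc/postfix/relay_clientcerts

# Relay policy: LAN (and SSH-forwarded) clients first, then clients
# with a listed certificate; everyone else may only deliver to
# domains this server is responsible for.
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_tls_clientcerts,
    reject_unauth_destination
```

With option 1, anything that can reach the firewall's sshd and authenticate can relay, so forwarding accounts should be limited to the travelling users.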

