'Smart Host' configuration of SendMail??

Status
Not open for further replies.

hskr4evr

Technical User
Sep 17, 2002
US
Hello.

My internal network consists of private IP addresses (192.168.0.0) and is protected by a Cisco firewall.

My ISP doesn't provide a 'smart host' for me to use for email nor does my Cisco firewall provide that function.

I was told I need to install Linux onto a machine and configure it to be a 'smart host' for my network.

This is my first attempt at Linux.

Does this Linux server need to sit outside my firewall and be configured with one of my public IP addresses??? If so, how do I protect this Linux box from being hacked or used as a SPAM relay???

Any help would be much appreciated.

Thank you...
 
Hello,

I think that you are confusing different things.

The first thing to tell you is that having your email server outside the firewall with only the SMTP service available is the same as having it behind the firewall with a rule that allows SMTP traffic (port 25). Anyway, it is usual to have more than one service available on the server, so firewalling is recommended (for example, you may have SMTP and POP3 available, but you want to allow POP3 only for the LAN, ...).

The mail server needs a real IP (both for the outgoing and incoming mail), so if you put the server behind the firewall, you have two choices: have the real IP on the server and filter it with the firewall, or use the filtering in conjunction with NAT (Network Address Translation).

This way you'll have your server protected except for the SMTP service, which must be open for this kind of traffic. It also allows a hacker to use bugs, vulnerabilities, etc. on this service to try to hack your system. But you can't exclude this risk. The firewall will log the connection attempts.

So you must keep in mind that you'll have an open door if you need a mail server. This way, you'll also have the risk of spam both ways: receiving incoming spam mail and use of your mail server as an outgoing mail server for spam. These can be avoided with a proper configuration of your mail server (relay-domains and access features).

Just one thing about smarthost. If you are using "dial-up" connections like DSL, maybe your IP is included on blacklists (DUL, ...), so all the mail servers using this kind of list won't allow your mail server to contact them to deliver mail. If this happens, you'll have to "force" your ISP (the one that is giving you the static IP) to take your IP off those lists. These kinds of servers are often used for mail spam, so you should be excluded from the lists, and if you are afraid of incoming spam and can afford it, use these non-free lists in conjunction with sendmail to reject incoming mail.

Excuse my poor English. I hope I explained it correctly. If you don't understand anything or have more questions, just post again. Bye,

jmiturbe
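
Added example, not part of either post above: a sendmail configuration sketch for the relay restrictions the reply names (relay-domains and the access feature), with the open-relay setting shown commented out beside the restricted one. The file paths are common defaults and may differ on your distribution; `example.com` and `dnsbl.example.org` are placeholders; `192.168.0` is the internal range from the question.

```m4
dnl ---- /etc/mail/sendmail.mc (fragment) --------------------------------
dnl WEAK: never enable this. It relays mail for anyone who can reach
dnl port 25, which is what makes a host usable as a spam relay.
dnl FEATURE(`promiscuous_relay')dnl
dnl
dnl RESTRICTED: sendmail denies relaying by default; permit it only for
dnl the clients and domains listed in the two maps below.
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
dnl
dnl Optional: reject incoming mail from hosts listed on a DNS blacklist.
dnl The zone name is a placeholder; use the list you subscribe to.
FEATURE(`dnsbl', `dnsbl.example.org', `"550 Rejected: client is listed on a DNS blacklist"')dnl
dnl
dnl ---- /etc/mail/access -------------------------------------------------
dnl Only the internal LAN and the local host may relay through this box.
dnl After editing, rebuild the map:
dnl   makemap hash /etc/mail/access < /etc/mail/access
dnl
dnl   Connect:192.168.0       RELAY
dnl   Connect:127.0.0.1       RELAY
dnl
dnl ---- /etc/mail/relay-domains ------------------------------------------
dnl One domain per line: domains this server is allowed to relay for.
dnl Leave the file empty if the access map above is all you need.
dnl
dnl   example.com
```

After regenerating `sendmail.cf` from the `.mc` file and restarting sendmail, confirm from a host outside 192.168.0.0 that a message addressed to a third-party domain is refused with a "Relaying denied" error.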
 