Jeff LaCoursiere asks:
>I would RATHER have the internal spooler send outgoing mail to the
>bastion host (smapd) and have the bastion host relay outgoing mail
>to our provider's mail hub. How can I configure the bastion host's
>sendmail to accomplish this selective forwarding??

Our internal spooler has its configuration file hacked so that
anything that is not local and does not have rover.com as the destination
must be for the outside and so is punted direct to the firewall and
has the originator's name changed so that it looks as if all mail to
the outside world came from the firewall. All details can be found in
Sendmail: Bryan Costales and Eric Allman, published by O'Reilly.

If it helps, I can send the relevant part of the sendmail.cf, aw what the
hell, here it is, our rulesets for our internal mail hub. The macro
$H is defined as the name of the firewall forwarding mail to the outside.

S0 # Punt to hub with names changed looking like came from hub
# if the mail is not local
R$+@rover.com	$@ $#local$:$1
R$*	$#ether $@$R $:$1

S3 # local users made to look like they are from the hub
R$*<$*<$*>$*>$*	$3	denest
R$*<$+>$*	$2	basic RFC822 parsing
R$*<>$*	$n	RFC1123 <>
R$-	$@ $1 @ $j	user => user@thishost

S10
R$+@$+	$: $1 @ $[$2$]	canonify the hostname
R$+@$+	$@ $1 @ $H	user@thishost => user@hub
R$+!$+	$@ $2 @ $H	thishost!user => user@hub
R$+%$+	$@ $>3 $1 @ $2	handle % hack thishost
R$*	$@ $1	default, unchanged

Mether, P=[IPC], F=mDFMuCX, S=10, R=0, A=IPC $h
Mlocal, P=/bin/mail, F=rlsDFMmn, S=0, R=0, A=/bin/mail -d -r $f $u
Mprog, P=xxx, A=Required by sendmail but unused

The Firewall machine has its configuration file similarly hacked
so that anything not destined for domain rover.com is sent to our
service provider.
Hope this helps. This way the mail link at the Firewall is only
at the application level and no holes for mail have to be opened.
Lyndon David.
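
A simplified Python model of the S0/S3/S10 behaviour in the message above, added here as an illustration; it is not part of the original post and is not sendmail itself. The hub name fw.rover.com, the value assumed for $j, and all sample addresses are constructed, and the $[ ... $] DNS canonification step is skipped.

```python
import re

LOCAL_DOMAIN = "rover.com"  # delivered locally (from the post)
J_HOST = "rover.com"        # assumed value of $j (this host's name)
HUB = "fw.rover.com"        # assumed value of $H (constructed name)


def ruleset3(addr):
    """S3: unwrap <...> and qualify a bare user with $j (simplified)."""
    while (m := re.fullmatch(r".*<(.+)>.*", addr)):
        addr = m.group(1)
    if re.fullmatch(r"[\w-]+", addr):        # R$-  user => user@$j
        addr = f"{addr}@{J_HOST}"
    return addr


def route(rcpt):
    """S0: return (mailer, next_hop, user) for a recipient."""
    addr = ruleset3(rcpt)
    user, at, host = addr.rpartition("@")
    if at and user and host.lower() == LOCAL_DOMAIN:
        return ("local", None, user)         # $#local $: user
    return ("ether", HUB, addr)              # everything else goes to the hub


def rewrite_sender(sender):
    """S10: rewrite an outbound sender the way the posted rules would."""
    addr = ruleset3(sender)
    if "@" in addr:                          # user@anyhost => user@hub
        return f"{addr.partition('@')[0]}@{HUB}"
    if "!" in addr:                          # host!user => user@hub
        return f"{addr.partition('!')[2]}@{HUB}"
    if "%" in addr:                          # user%host => S3(user@host), returned as is
        user, _, host = addr.partition("%")
        return ruleset3(f"{user}@{host}")
    return addr                              # default, unchanged


def unmasked(senders):
    """Audit helper: senders that would leave without the hub's name."""
    return [s for s in senders
            if not rewrite_sender(s).lower().endswith("@" + HUB)]


# Constructed sample senders covering each address form handled by S10.
SAMPLE = ["alice", "Bob <bob@eng1.rover.com>", "eng2!carol",
          "dave%eng3.rover.com"]

if __name__ == "__main__":
    for s in SAMPLE:
        print(f"{s!r:32} -> {rewrite_sender(s)}")
    print("not masked:", unmasked(SAMPLE))
```

In this model the % form is the one sender shape that keeps its original host name, so it is the case to test when the aim is for all outside mail to appear to come from the firewall.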