Some new software is available to permit you to set up sendmail
running on a system hidden behind a firewall so that it "thinks"
it can directly deliver email both to hosts on the internal
network, as well as to hosts "outside" on the internet, without
having to use an SMTP smart host outside the firewall.
The proxy_connect() routine is linked into sendmail as a drop-in
replacement for the connect() system call in daemon.c.
proxy_connect() consults a table to figure out which IP addresses
are available for direct connect on internal networks, and which
IP addresses need to be connected via the "pseudopod" application
proxy that runs on a firewall. The pseudopod proxy has firewall-
style permit/deny rules that screen connections.
Although proxy_connect() and pseudopod were whipped up specifically
for sendmail, they ought to work just fine for any tcp application
(for which you have the source) that runs behind a firewall, and
which you would like to permit, with screening rules, to transparently
connect to both internal systems and systems on the outside beyond
p.s. I'm having some trouble posting to comp.mail.sendmail, perhaps
someone else could help.