> I'd like to route all external mails going inside to one mail server.
> During mail connection, every workstation working independently connects
> to external mail servers directly without going to mail server.
> The same external mail going inside.
> Our policy is to permit all output but restrict input but direct mail
> connection made it hard.
> Thank you for your suggestion.
Define the MX list in your name server as below.

    IN MX 10 internal mail server
    IN MX 20 external mail server

Then define a packet filter in the router connected to your ISP like
this (if it is a Cisco; otherwise please consult the vendor's manual).

    permit tcp any external_mail_server smtp

A host on the Internet attempts to connect to the internal mail server
first, because its preference value is lower than the
internal one. The connection, however, cannot be established, because
the packet is discarded by the router. So, the host tries the
external server and sends the mail successfully.
The external server, having received the mail, transfers it to the
internal server, because it deletes itself from the MX list. (Consult RFC 974.)
Nihon Keizai Shimbun Inc.
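
The delivery path described in the reply above, as an added example that is not part of the original message: a small Python model of the MX ordering and the RFC 974 rule that a relay drops itself (and any equal or less-preferred record) from the list. The host names are constructed, and it is an assumption that the external server sits behind the filtering router and can reach the internal server.

```python
# Added illustration; host names and reachability sets are constructed.
MX = [(10, "mail-internal.example.com"), (20, "mail-external.example.com")]
# The router filter admits inbound SMTP only to the external server.
ROUTER_PERMITS_SMTP_TO = {"mail-external.example.com"}


def candidates(mx, local_host=None):
    """Order MX targets as an RFC 974 mailer would.

    If local_host is itself in the list, drop it and every record with an
    equal or higher preference value, so a relay never mails to itself
    or to a less-preferred host.
    """
    records = sorted(mx)
    if local_host is not None:
        own = [pref for pref, host in records if host == local_host]
        if own:
            records = [(p, h) for p, h in records if p < min(own)]
    return [host for _, host in records]


def deliver(mx, reachable, local_host=None):
    """Return (hosts tried, host that accepted) for one delivery attempt."""
    tried = []
    for host in candidates(mx, local_host):
        tried.append(host)
        if host in reachable:
            return tried, host
    return tried, None


def trace():
    """Follow one message from an Internet host to the internal server."""
    # Hop 1: Internet sender; the router filter decides what it can reach.
    hop1 = deliver(MX, ROUTER_PERMITS_SMTP_TO)
    # Hop 2 (assumption): the external server relays from behind the filter,
    # where the internal server accepts SMTP.
    inside = {"mail-internal.example.com", "mail-external.example.com"}
    hop2 = deliver(MX, inside, local_host=hop1[1])
    return hop1, hop2


if __name__ == "__main__":
    for tried, accepted in trace():
        print("tried:", tried, "-> accepted by:", accepted)
```

If the filter ever admits SMTP to another host, or the MX list gains a record the filter does not cover, the first hop in this model changes, which is the condition to check when either the zone or the router configuration is edited.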