Craig White wrote:
> On Thu, 2005-10-27 at 20:26 -0600, Philip Prindeville wrote:
>
>
>> I'm running FC3 (updated) on a handful of machines.
>>
>> I have a single IP address, with a NATing router set to that
>> address. I have a domain, and an MX which points through
>> the router at my mail server (or rather, the router is configured
>> to port-forward 25, 143, etc to the mail server).
>>
>> I also have several mail clients on my 192.168.1.x network.
>>
>> The issues are the following:
>>
>> * the clients have a smart host (DS) defined as the mail relay,
>> but they canonicalize its name and then look it up in the DNS,
>> trying to contact it on the external IP address (and not its
>> internal 192.168.1.x address in the /etc/hosts file). My
>> /etc/nsswitch.conf file is unmodified.
>>
>> * the clients then try to relay the email with a sender's envelope
>> address as user(a)host.my-domain, which the relay rejects
>> because "host.my-domain" doesn't resolve in the DNS.
>>
>> * I should probably have define(`LOCAL_RELAY', `:$S') to
>> handle forwarding everything to the mail server.
>>
>> I used to know all of this stuff once upon a time...
>>
>> Am I missing anything?
>>
>
> ----
> I've never used 'LOCAL_RELAY' so I can't help you there. I typically
> run my own DNS servers inside the LAN so that the name resolution is
> completely under my control - where mail.mydomain_name.com would
> resolve to an internal mail server which handles end delivery (or
> smart host delivery).
>
> If you don't want to run your own DNS, it's just simpler to use smart
> host pointing directly to the ip address of your mail server directly
> instead of a name which loops the connection outside of the trusted LAN.
>
>
Gah! I thought about that, but I was hoping there was a less
heinous fix.
-Philip
> Craig
>
>
>
>
Actually, if you run bind you can implement views on your DNS boxen,
which allow you to serve up different zone (A,MX,etc.) records to
different networks/hosts. It's a breeze to configure and essentially
eliminates the issue you (and about a million other net admins) are
running into.
for more info.
David-Paul Niner
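
The views setup suggested in the message above, sketched as an added example that is not part of the original thread. The zone name my-domain.example, the zone file paths, the host name "mail" and the addresses 192.168.1.10 and 203.0.113.25 are constructed placeholders; only the 192.168.1.x network comes from the thread.

```conf
// named.conf fragment: split-horizon DNS with BIND views (added example).
// Once any view is defined, every zone must live inside a view.

// Clients on the LAN described in the thread, plus the server itself.
acl "lan" { 192.168.1.0/24; localhost; };

// Views are tried in order and the first match wins, so the
// internal view has to come before the catch-all external one.
view "internal" {
    match-clients { "lan"; };
    recursion yes;              // LAN clients may resolve outside names

    zone "my-domain.example" {
        type master;
        // Constructed records in this file (placeholder values):
        //   @     IN MX 10 mail
        //   mail  IN A     192.168.1.10   ; LAN address of the mail server
        // A records for the internal client hosts also go here, so the
        // relay can resolve the domain part of their envelope senders.
        file "internal/my-domain.example.zone";
    };
};

view "external" {
    match-clients { any; };
    recursion no;               // do not act as an open resolver

    zone "my-domain.example" {
        type master;
        // Constructed records in this file (placeholder values):
        //   @     IN MX 10 mail
        //   mail  IN A     203.0.113.25   ; public address on the NAT router
        // No 192.168.1.x records here, so the internal layout is not
        // published to outside queriers.
        file "external/my-domain.example.zone";
    };
};
```

Running named-checkconf against the file catches syntax errors before named is reloaded.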