What domain, how to mail?

cmw asked
Last Modified: 2010-03-18
I'm not sure how to set up the following config:
Linux should connect to ISP, fixed IP. ISP (demon) knows the machine as <something>.demon.nl
I also want to run a local domain (like home.net), with a couple of other machines. Those machines should use the Linux pc as a gateway to internet (masquerading), and query the DNS on the linux PC only. They will be configured using DHCP. I have gotten Linux to dial-up the ISP, have got the DNS to work so that all requests are handled where I want them, but...

currently the hostname is <something> and the domain is demon.nl. I'd really like to change that to <myLinux>.home.net, and add home.net to the local DNS. I would assume that <something>.demon.nl must still be used for the ISDN connection to ISP, and use the local names for eth0 and other IP's (192.168.7) I want to use.

Will this work, without causing trouble for ISP? Also, is there something in the DNS I should look into, currently the DNS handles, and forwards everything else through ISP DNS (using forwarding).

Next step would be to get the Linux PC to act as mail relay, but I receive e-mail using SMTP, so I must be known as <something>.demon.nl when connecting to ISP. All mail sent to <somebody>@<something>.demon.nl is delivered to me, so I want to be able to decide on a per <somebody> basis if the mail should go local on the Linux PC, held until another machine in my domain connects and uses SMTP to retrieve any mail waiting for it, or rejected (bounced). All local (to my machine) mail should be processed straight away. Mail intended for a machine in my domain should be held until it connects. All mail that should go outside, should be sent to mailer of ISP, once or twice a day. Mail shouldn't build the connection itself, which might be a problem. Current config is set up so that any reference to an IP outside of 192.168.7.xxx or will start a connection to ISP, which is dropped after 30secs.

Not looking for a cook book answer, just the most relevant points. I can config the DNS, modify route tables and the like. I know nothing about sendmail, but have quite a lot of docs, it is knowing where to look for the right options, and how to combine that is causing the probs.

you cannot change your domain and expect it to go public..

Mail:  Local mails will always work.  If you try to mail outside or vice versa while the connection is down, it will stay at the mail server until the connection is up again.
I am not sure if that's what you are asking....



I don't want the domain to go public, I want Demon to know me as <something>.demon.nl, and all local machines (i.e. 192.168.7.xxx) to know each other by name (my local DNS would resolve those). The local machines would be masqueraded when going outside. A machine can have more than one IP, but only belong to one domain???? Also, isn't domain/name something for DNS lookups? But as far as I know, Demon requires the <something>.demon.nl for email delivery. So I want a private domain for the local traffic, and pretend that all the machines are <something>.demon.nl when connecting to internet.

With regard to mail thing, based on the setup I want to achieve, what are the sendmail options to look into?

You can ask your ISP to give your account a fixed IP address, that will give you the option of getting your own domain, with your own sendmail receiving all mail directly.


With Demon I get a fixed IP, together with the <something>.demon.nl. So that part is covered. What I want to know is how to combine that with a private local setup, and using masquerading, sendmail, a local DNS to run things smoothly.

I'm confused by the domain / IP relation. If one machine (i.e. the Linux PC) has two IP's (195.xxx.xxx.xxx -Demon & -local gateway), to which domain should it belong? Or is that a matter of choice?

Somewhere I read that with Demon you could run a local domain (and choose any name you want), and still connect to Demon without causing problems. I've racked my brains, but couldn't find that info again, so I'm still looking. All the FAQ's etc mention some stuff, but don't get close enough for me. All the Demon specific stuff uses the Linux side standalone, mine should also gateway for a local net.

First a warning: Demon is probably not dialing to you when there is an incoming connection, i.e. when someone wants to send mail to you directly, such that unless you stay connected for several hours each day, you won't get email. More about it later, but it is something you should be aware of before starting the whole stuff.

Ok, there is no forced relationship between the domain and the IP, even in the so-called back resolving (in-addr.arpa).

The task list to achieve your goal is:
1) register a new domain. This will include:
 a) prepare 2 well connected hosts (that is hosts that are 100%
  of the time on the Internet, NO isdn stuff) as DNS's for the new domain.
  (It is a service most probably offered by Demon)
2) Let's assume that your new domain is "mydomain.co.uk"
   Let's assume that the host name for your linux 195.x.x.x IP
    is meAt.demon.co.uk.
   Let's assume that the two DNS machines that will handle
   your external domain are:
      ns0.demon.co.uk and ns1.demon.co.uk
   Let's assume that Demon's customer mail-relay is:
    relay-1.mail.demon.net (it's probably the case, check it)
3) Setup the dns info for mydomain.co.uk to look like this:
    (replace where appropriate.. keep ending dots "." where they are)
$ORIGIN co.uk.
mydomain    IN      SOA     mydomain.co.uk. myusername.mydomain.co.uk. (
                            98062600 28800 7200 604800 86400 )
            IN      NS      ns0.demon.co.uk.
            IN      NS      ns1.demon.co.uk.
            IN      MX  20  mailin.mydomain.co.uk.
            IN      MX  30  meAt.demon.co.uk.
            IN      MX  50  relay-1.mail.demon.net.

$ORIGIN mydomain.co.uk.
mailin      IN      A       195.xxx.xxx.xxx
linux       IN      A
pc1         IN      A
etc.... (etc.... is not part of the file.)
So far for the file, what does it say:

I) the last time this domain info was changed was on
 98062600 - that is 1998 June 26 - revision 0
 (you should INCREMENT this record each time you modify,
 the best way is by changing the date, and if it's the same day
 increment the revision number)
II) When trying to send mail to xxx@mydomain.co.uk. do:
a) try to send directly to mailin.mydomain.co.uk.
 (it is the preferred because it has the lower MX value)
b) if (a) fails try to send to meAt.demon.co.uk. he will know how to send it over. (it's not really necessary since it's the same IP address, you can (should) remove this setting, it is more for your understanding).
c) if (a) and (b) fail, send to relay-1.mail.demon.net., he
 will know how to send it to me.

So actually if someone can't reach you directly, mail will be stored (for something like 4 days ... no guarantee) on  and if by chance you are connected when
relay-1.mail.demon.net., is running the queue, the message will
be transmitted to mailin.mydomain.co.uk.

Some ISP's do have mechanisms to dequeue mails from MX when you connect, some don't, ask Demon if they provide such a service, if so they'll most likely give you another hostname to replace
"IN      MX  50  relay-1.mail.demon.net." with.

4) Be sure that your linux knows that he belongs to domain
mydomain.co.uk. and that he is "mailin" (or whatever you'd like
but make it the same everywhere).
To check use the "hostname" command, it should reply
with "mailin.mydomain.co.uk".

5) You can add more domains like this, that will end up in
local mailboxes on "mailin.mydomain.co.uk", or other
pseudo hosts by adding names your Linux should accept mails
for in the file "/etc/sendmail.cw"
If you don't have such file, look into sendmail.cf
for the line beginning with: "Fw"
By default it should be:

The file itself could look much like this:
# sendmail.cw - include all aliases for your machine here.
It is useless to add here "receptors" that are not
defined by the dns system, the role of this file is to let
sendmail know that THIS machine running sendmail is the last
mail stop for addresses@names in the list , that he should
check that a local recipient exists (i.e. a linux local account)
and if it doesn't the mail should be rejected.

Have fun.
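
The MX fallback order described in steps II a) to c) of the answer above, as an added example (not code from the thread). The zone fragment is constructed from the answer's MX records, and `parse_mx`, `delivery_target` and the `reachable` sets are hypothetical names used only for illustration.

```python
# Constructed zone fragment based on the MX records in the answer above.
ZONE = """\
$ORIGIN mydomain.co.uk.
; owner  class type pref target
@        IN    MX   50   relay-1.mail.demon.net.
@        IN    MX   20   mailin
@        IN    MX   30   meAt.demon.co.uk.
"""


def parse_mx(zone_text):
    """Return [(preference, fqdn)] with the lowest preference first."""
    origin = ""
    records = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()       # drop comments
        if not line:
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].rstrip(".").lower()
            continue
        upper = [f.upper() for f in fields]
        if "MX" not in upper:
            continue
        i = upper.index("MX")
        pref, target = int(fields[i + 1]), fields[i + 2].lower()
        if target.endswith("."):                  # absolute name: keep as is
            target = target[:-1]
        else:                                     # relative name: append $ORIGIN
            target = f"{target}.{origin}"
        records.append((pref, target))
    return sorted(records)


def delivery_target(mx_records, reachable):
    """Pick the first reachable host in MX order; None means the sender queues."""
    for _, host in mx_records:
        if host in reachable:
            return host
    return None


if __name__ == "__main__":
    mx = parse_mx(ZONE)
    # ISDN line down: both names for the dial-up host are unreachable,
    # so mail lands on the ISP relay until the link comes back.
    print(delivery_target(mx, {"relay-1.mail.demon.net"}))
    # Line up: the lowest-preference host receives the mail directly.
    print(delivery_target(mx, {h for _, h in mx}))
```

A relative target such as `mailin` only expands correctly because of the `$ORIGIN` line, which is why the answer insists on keeping the trailing dots on absolute names.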

I am sorry, I missed the .nl, and assumed that it was Demon in UK, no offense intended, the procedure is the same,
except that their mail relay is probably:
and their DNS's are probably:
ns0.demon.nl and ns2.demon.net

but you should check those with them anyway.
Good luck



I'm impressed by your answer, but either I've asked the question incorrectly, or you might have misread. The Local domain should really be hidden from the internet. As far as the outside world knows, there's only me.demon.nl (with IP 195.xxx.xxx.xxx), and the only mail-id reachable from the outside is <anything-goes>@me.demon.nl. This is exactly as it is now, not using Linux. Demon already stores e-mail, so when I connect and start SMTP (now I'm using Agent/W95), I get all mail.

When receiving mail from outside, I want to route the mail to one of the machines in the local net, using only the <anything-goes> part, as the rest will always be me.demon.nl. Of course, when somebody on one of the local machines sends mail to somebody on the other machine, that should go straight through, not touching demon at all. It would be nice if I could address local mail by sending it to <somebody>@local.hidden.net (or similar). If I want to experiment with FTP/HTTP etc.. AND use a local machine (not the one that knows demon), it should be reachable through the same dummy domain. Again, demon should not be involved here.

I'm guessing that if I want people from the outside to reach HTTP/FTP services I run on locally, I must then run them on the machine that also has the demon IP (and keep the connection going myself).

Say I add a W95 box to the local net. I would want to configure TCP/IP to use DHCP, and be done. The Linux PC should hand out a valid 192.168.7.x number, and provide internet access. If I desire, adding info to the sendmail setup should then also let that W95 box send/receive e-mail using a particular <anything-goes>.me.demon.nl.

That would keep the internet connection stuff all in one place (Linux), allow me to divide the <anything-goes>@me.demon.nl into more useful parts, AND allow me to bounce mail addressed to things like stupid@me.demon.nl. In the current setup that would be received, I have no 'good' way of blocking that. Unless I pay $$$$ for something running on W95. W95 just isn't stable enough to handle a task like that, and I depend quite a lot on e-mail (for at least two of those <anything-goes>).

I hope this clarifies the question, and I apologise if I'm not getting the point across.



This does help, one last remark! Am I correct in assuming:
1. Linux PC gets host <me> domain: demon.nl
2. Add the local.hidden.here domain to local DNS

This part still confuses me somewhat, Demon finds the Linux through me.demon.nl, the local net (using local DNS), can find it through: mealso.local.hidden.here.

How do the hostname (domain) settings in Linux interact with the rest? It seems to me that most of the TCP/IP setup is done through other settings, and that the hostname stuff is just a global setting used by one or two packages. I've added 50 points for you (I'm sorry, I don't have much more at the moment), hoping you could clarify that interaction.




Oops, I've messed up, forgot the extras, I'll post another question for 50, you answer it, you get 50 points and A rating.

The domain name system is just a way to ease it up on humans, such that instead of remembering IP numbers, they could name hosts. It's much like a telephone book. You can have multiple numbers for a person and multiple subscribers under the same number.
If you have two telephone numbers in your office, one is an external line in the demon.nl area code, and one is a private exchange in your company, nothing prevents you from using the same
type of telephone book (or database) for both of them.
And if your office happened to be the mail delivery department, insiders would dial the private exchange number, while outsiders will dial your demon.nl telephone company number.

Mainly for security and identification purposes, it is better
to let your Linux identify itself as member of the well known international telephone system called Internet (by default),
i.e. when he sends mail out, after contacting the recipient host,
the linux system will send a message "HELO my.name.my.domain"
if the recipient is checking that the HELO message is valid,
then if it was me.hidden.here, the recipient will not accept
the message, however if the recipient gets HELO me.demon.nl,
and checks if this one is known to the international IP book ;-)
he will find it, he will find that the IP address trying to send him the mail is actually me.demon.nl, and he will accept the mail.

And BTW, the local net can also find me.demon.nl, if you set the machines' default gateway to the linux ethernet... it'll work.
The linux will get the packet as if he has to forward it, and actually will forward to itself.

Perhaps another hint, the DNS distributed with latest versions of linux has security holes, it is probably worth downloading the latest *distributed* version from www.bind.org, but keep it in mind for later, you have already a lot to do on your bunch.

Don't worry too much about the points, I just tried to express
that deserving *ready* stuff is a lot of work, doing tricks with sendmail can take hours to polish and finish, and since you can achieve about the same with setting the aliases file like this:
robert:            rob@his95.hidden.here
Joan:            misc@macintosh.hidden.here
(without the need to open for robert or Joan a local account on linux)
and I see no good reason why you need the extra of modifying
sendmail rules, I tried to push you into forgetting about it.
Only a few ISP's or major corporations actually do it.
(and also some wizards & hackers on their own machine..ok)

Get started, run into troubles, and let me know, I'll help you.
I think I understand now (maybe too late) that you are not too
experienced with the Linux (or unix) system.

If your linux is up and running, create the zone files for your
hidden domain, and if you want, mail them to noc@golan.net, I'll review them so you'll be sure that they are ok.
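
The HELO check described in the answer above, seen from the receiving mail server's side, as an added example (not code from the thread). `PUBLIC_DNS` is a constructed stand-in for the public DNS, `192.0.2.10` is a documentation address used in place of the poster's 195.xxx.xxx.xxx, and `check_helo` is a hypothetical name.

```python
import ipaddress

# Constructed stand-in for the public DNS: host name -> set of A records.
# me.hidden.here is deliberately absent: a private domain is not published.
PUBLIC_DNS = {
    "me.demon.nl": {"192.0.2.10"},
    "relay.example.net": {"198.51.100.25"},
}


def normalise(name):
    """Lower-case a host name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def check_helo(helo_name, peer_ip, dns=PUBLIC_DNS):
    """Return (accepted, reason) for a HELO name presented from peer_ip."""
    peer = ipaddress.ip_address(peer_ip)
    name = normalise(helo_name)
    if "." not in name:
        return False, "HELO name is not fully qualified"
    addresses = dns.get(name)
    if not addresses:
        return False, "HELO name not found in public DNS"
    if peer not in {ipaddress.ip_address(a) for a in addresses}:
        return False, "HELO name resolves to a different address"
    return True, "HELO name matches connecting address"


if __name__ == "__main__":
    # Constructed sessions: (HELO argument, address the connection came from).
    sessions = [
        ("me.demon.nl", "192.0.2.10"),      # gateway using its public name
        ("me.hidden.here", "192.0.2.10"),   # gateway leaking its private name
        ("me.demon.nl", "198.51.100.25"),   # someone else borrowing the name
        ("linux", "192.0.2.10"),            # unqualified short host name
    ]
    for helo, ip in sessions:
        print(helo, ip, check_helo(helo, ip))
```

Only the first session is accepted, which is the reason the gateway should keep its demon.nl name for outbound SMTP while the private names stay on the local DNS.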



Well, no, I'm not an experienced Linux user (or unix for that matter). But I'm usually quite reasonable in getting things going. The local box does dial out to demon when the traffic has to go that way, the local DNS runs as I expect it to (I'm keeping a very close eye on the ISDN activity, if I get it wrong the telephone bill will go through the roof). Also I had no trouble getting the Xserver running, sound etc..etc. It is just that most docs are either very practical (not offering the conceptual part), or very conceptual, so then I miss out on the practical part. So when I wanted to IP's I found out that nobody really explained the HOSTNAME vars in relation to the gateway function. I would assume that a gateway is a machine that belongs to the local network, and knows how to get out. But as out was Demon (and expects certain things), I started wondering, and as your answer indicates, it is better to leave the gateway with demon names (at least those two that I have to set up when starting). And if the DNS is ok, I know the other machines will be able to find my linux under any name I want them to.

So basic functionality is nearly complete, and once the masquerading stuff runs the way I want it (seems straightforward enough), I'll be ready to move all mailing activity to Linux. Sendmail doesn't look easy, but I've bought the book, and am in no rush.

Anyway, it started out by wanting to keep certain e-mail out, as I explained, W95 is not good enough and my past 6 months with W98 suggest that that is not much better. Once the decision was taken to use Linux, I then discovered that Linux will also run Novell and MS/IBM alike network traffic, neat. I tried Slackware, RedHat and Suse, and stuck to the latter. Slackware seemed not so coherent, RedHat does too much in X for me, Suse has great ISDN integration, and most tools work well without X.

Up to now I've been very impressed with almost everything Linux offers, except program editors. Of course it is a matter of taste, but I'm used to brief (for 10 years or so), and find adjusting to the Linux ones a bit of trouble. (I know of Crisp, but that costs money, I'll probably get round to writing one myself, or just use W95 for editing).

Anyway, thank you very much for all the information. If I get stuck, I'll know who to ask.

"So basic functionality is nearly complete, and once the masquerading stuff runs the way I want it (seems straightforward enough), I'll be ready to move all mailing activity to Linux. Sendmail doesn't look easy, but I've bought the book, and am in no rush."

Very Cool !!
I have read the first and then the second version several times,
when you actually implement something out of it, you feel as if you hold one of the most guarded secrets of the world, it makes you feel so good !! On the other hand, many who have bought this book can't find the time to cope with it, and it's just sitting on their shelf while they say that sendmail (or the book) is bad,
so don't give up too easily (and don't expect it to be easy).

I think there was a shareware Crisplite ... editor.

I understand why you want to use your favorite editor,
I am lucky to have my favorite one (vi) on all the platforms I use, Linux, WinXX, Macintosh, Atari ST and finally my Psion handheld. I know it's not the best, but it's the one I got used to, one funny thing is that lately I found that there is a color visual implementation of vi, called e3 from http://www.softwarebuero.de (part of their development platform)
and I was very happy to see my C code in colors in a VI environment, the bad side of it is that I stopped programming and I am playing with colors ;-)

Ok, 'nougth,
Good luck !