Grass-hopper

SMTP relay server on Solaris 9 setup

I am looking to setup an SMTP relay server within a Solaris 9 box.

The setup is as follows,

The smtp relay server will sit within a DMZ zone and will receive all the company email traffic.

If the email is addressed for jim@company.com then it will be forwarded on by the relay server, through the firewall and on to the company lotus notes server, which in turn will forward the mail to the recipient.

However, if the email comes in with the address john@application.company.com, then this will be forwarded through the firewall, onto a solaris 9 system which will then place it in the relevant user's mailbox on that system.

It also must work the other way. The Solaris server must be able to send emails to the relay server, then it must be able to decide what type of email should go where. i.e. if the email is from user@application.company.com, then it will be forwarded onto a secure network gateway. If it is a normal mail (jim@company.com) then this must be forwarded out onto the internet as normal.

A lotus notes domino server on an intel machine was mentioned to act as a relay server, but if sendmail can provide the same function then it would be preferable to use it.

Any help at all would be greatly appreciated

Cheers.
jlevie

Grass-hopper

ok, I'm just learning sendmail so go easy on me...........

I think I understand the concept of adding the domains etc, however there is a problem there as we currently do not have DNS rolled out within our network. We have a DNS server available and running, but there are no domains setup within it. The primary lotus notes server within the corporate network (not the dmz) is not using DNS. The current setup is that all mail directed towards our company comes to a gateway which in turn relays all the mail to the notes server.

However, the relay server and the solaris 9 system will both use DNS and will come under a newly created domain.

Will the lotus notes server have to use DNS for this to be implemented?

Also, where would you put the setting to forward any mails from the relay server to a specific gateway if they have a certain email address - i.e. user1@application.company.com would go to one gateway and user1@company.com would go to another?

It doesn't matter whether DNS is being used by the protected network. From the relay server's view all that matters is that the server be able to equate the hostname in the target of the alias or virtusertable record with an IP. That can be done in the hosts file of the relay servers. You will have to configure the internal email servers to accept mail addressed to that hostname.

The alias or virtusertable maps that I described above handle the routing. The left hand side (LHS) is the address of mail as it is received by the relay server. The right hand side (RHS) is where the mail will be forwarded to.

OK, so within the virtusertable can I just put the name of the server on the right hand side then if it is declared within the /etc/hosts?

for example,

@company.com                     lotusnoteserver
user1@application.com           solaris9box (this is for any incoming mail from secure gateway to be forwarded on to only a specific user setup within the solaris 9 box)
@application.company.com     securegateway

Also, where would you put the entry for ANY mails coming from the lotusnotes server - destined for external addresses - to go through a specific gateway?

Is this some sort of filter required?

Cheers.
sorry,

second line in example should be

user1@application.company.com                     solaris9box

Cheers.

Notice that my examples had a username on the right hand side. Using that form will require you to enumerate each user in the virtusertable. However you can do:

@company.com                     %1@lotusnotesserver
@application.company.com         %1@securegateway

No special rule is needed to handle outgoing email sent by notes through the relay.
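
Added example, not part of the original thread: a small shell model of the routing described above, which resolves an address against a virtusertable (exact `user@domain` entry first, then the `@domain` entry with `%1` replaced by the local part) and then checks that the RHS host is named in a hosts file. The function names, the sample tables and the 192.0.2.x addresses are constructed for illustration; the script only models the lookup and does not query sendmail.

```shell
#!/bin/sh
# Added example; sample files are constructed, hostnames reused from the thread.
# route_address ADDR TABLE: print the rewritten address, or nothing if unmatched.
route_address() {
    awk -v addr="$1" '
        BEGIN { at = index(addr, "@"); user = substr(addr, 1, at - 1)
                key = tolower(addr); dom = tolower(substr(addr, at)) }
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        tolower($1) == key { full = $2 }       # exact user@domain entry
        tolower($1) == dom { wild = $2 }       # @domain catch-all entry
        END { rhs = (full != "") ? full : wild # exact entry wins over @domain
              if (rhs == "") exit
              i = index(rhs, "%1")             # %1 stands for the local part
              if (i) rhs = substr(rhs, 1, i - 1) user substr(rhs, i + 2)
              print rhs }' "$2"
}
# host_in_hosts HOST HOSTSFILE: succeed if HOST is a name or alias in the file.
host_in_hosts() {
    awk -v h="$1" '
        { sub(/#.*/, "")                       # drop trailing comments
          for (i = 2; i <= NF; i++) if (tolower($i) == tolower(h)) found = 1 }
        END { exit !found }' "$2"
}
# check_route ADDR TABLE HOSTSFILE: report the route and whether its host resolves.
check_route() {
    rhs=$(route_address "$1" "$2")
    [ -n "$rhs" ] || { echo "NO-ROUTE"; return 1; }
    if host_in_hosts "${rhs#*@}" "$3"; then echo "$rhs OK"
    else echo "$rhs UNRESOLVED"; return 1; fi
}
DEMO=$(mktemp -d)                              # constructed sample inputs
cat > "$DEMO/virtusertable" <<'EOF'
user1@application.company.com   user1@solaris9box
@company.com                    %1@lotusnotesserver
@application.company.com        %1@securegateway
EOF
cat > "$DEMO/hosts" <<'EOF'
192.0.2.10  lotusnotesserver
192.0.2.20  solaris9box   # securegateway deliberately missing
EOF
for a in jim@company.com user1@application.company.com john@application.company.com; do
    printf '%s -> ' "$a"
    check_route "$a" "$DEMO/virtusertable" "$DEMO/hosts" || true
done
```

An `UNRESOLVED` result marks an RHS host that the relay would have no hosts-file entry for.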
The relay server is receiving the mail from the solaris9 system (I can see the traffic between the two by using snoop on the relay server), but by the looks of it - is just sending it back to the solaris9 system.

I tried to send a test message from the solaris9box addressed to myemail@company.com (not actually sending to myemail@company.com - just substituted address for security purposes)

Root on the solaris9box then gets a mail with following error message..............

550 5.1.2 <myemail@company.com>... Host unknown (Name server: mycompany.com: host not found)


Final-Recipient: RFC822; myemail@company.com
Action: failed
Status: 5.1.2
Remote-MTA: DNS; company.com
Diagnostic-Code: SMTP; 550 Host unknown
Last-Attempt-Date: Thu, 16 Sep 2004 15:20:59 +0100 (WEST)

my /etc/mail/virtusertable looks as follows:

@company.com                          %1@lotusnotesserver

I also ran the following command after editing the virtusertable:

makemap hash /etc/mail/virtusertable < /etc/mail/virtusertable

and also restarted sendmail.

Still no joy.

Any ideas?

What you are seeing on the solaris9 box is a natural result of trying to use Domain Based addressing on a machine that's not configured to be a member of a Domain Based environment. You addressed the message to user@company.com. The solaris9 box doesn't know that it is a part of that domain, since its hostname doesn't contain the domain information. Accordingly Sendmail tried to find the MX record for the domain by a DNS lookup, but that failed (Name server: mycompany.com: host not found). So it can't figure out what to do with the message.

I'd solve the problem rather than trying to treat the symptoms. That would mean fixing the machine configuration so that it has a Fully Qualified Domain Name (FQDN). A side effect of that is that it could break existing applications and they'd need "adjusting". But eventually you'll need to fight that battle anyway.

With the solaris9 box reconfigured to be solaris9.company.com you can use an LUSER_RELAY definition in its Sendmail config and it'll know what to do with the mail.

Ahh, I see.

This will need to be looked at with the infrastructure team then to see about reviewing the DNS setup.

Everything else up to that point is working so you have answered my original question, hence points awarded.

Thanks for all your help.