Koozali.org: home of the SME Server
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. Experienced User Forum
  4. Topic: Domain setup questions
« previous next »
Pages: [1]   Go Down

Domain setup questions

  • 2 Replies
  • 454 Views

Gary Stark

Domain setup questions
« on: April 09, 2001, 04:02:43 PM »
G'day y'all,

These are probably fairly basic questions, but I am a newbie wrt e-smith, and Linux.

I currently have a production webserver running NT40, IIS, and M$ Exchange. It lives on a permanent dialup connection and hosts a couple of domains through some static IP addresses. These domains each comprise hosted website and email facilities.

www.domain1.com = ann.bnn.cnn.dn1
www.domain2.com = ann.bnn.cnn.d12

Everything works reasonably well, and certainly pretty much as I expect.

However, M$ Exchange is difficult to secure against spam. While I've done all that I can to remove any relays, I do believe that my security in this realm could be better.

I'm currently evaluating e-smith to see how well it may meet my needs as a replacement for my current setup. So far I have it running on a 3 node LAN - quarantined from my main network - and after some issues with a couple on non-recognised NICs, I now have it talking to W2KPro and W98 boxes on that quarantined LAN.

I have the default website operational, and can access that website, and using webmail, send and retrieve email on that network.

The next step for me is to start to replicate the other parts of my existing setup. That involves setting up the various websites as needed, which I believe I would put into i-bays, and the virtual domains.

This leads me - finally - to my first question: My upstream ISP has given me the static IP addresses I am using, as well as an IP address in their system that I am connecting to. How will I, in a production environment, point the internal IP addresses - 192.168.1.1 and 192.168.1.whatever to the external static IP addresses that I've been given?


Question #2 relates to my email setup.


One of my needs is that I do have a couple of outside users who need access to email on my server, such that user x dials in to their local ISP and logs in using a POP3 email client - typically Pegasus or Outlook - to my server to retureve and post email.

When I'm travelling, I sometimes also need to do this as well. One answer seems to be to use the webmail interface, but I would rather use a traditional client.

So, how do I set this up, while still denying relays?. Can the qmail setup be configured so that it will permit postings only from users known to the system, as distinct from those who might be physically local to the system?


Finally, can I configure the server to deny postings based upon something like the MAPS RBL, and if so, how do I do this?

Thanx in advance for any and all help.
Logged

Tom Peck

Re: Domain setup questions
« Reply #1 on: April 10, 2001, 10:51:42 AM »
>>>How will I, in a production environment, point the internal IP addresses - 192.168.1.1 and 192.168.1.whatever to the external static IP addresses that I've been given?<<<<

How do you mean "Point"?  I'm assuming that your E-Smith box will have 2 NIC's, one for the internal network, and one for the external network (internet).  Once this is setup, your E-Smith box will act as both IP's on the internal network, and block anything coming from the External NIC to accessing the Internal One.  So they will not have any problem accessing your Static External IP as it will seem on the internal network.

>>>So, how do I set this up, while still denying relays?. Can the qmail setup be configured so that it will permit postings only from users known to the system, as distinct from those who might be physically local to the system?<<<<

E-Smith sets it self up to automatically deny relays from the external network, so this wont be a problem.  The only problem will be if you want to use a "traditional client" to check your emails from outside the network, then port 110 will have to be opened up to the outside (it is closed by default for security precautions).  IPCHAINS makes this an easy task.

If you are dialling up your ISP (or what ever) to connect to the internet then you should be able to send your e-mails via their SMTP service should you not?  If this is the case, then relaying will not have to be altered on the e-smith box.
Logged

Gordon Rowell

Re: Domain setup questions
« Reply #2 on: April 10, 2001, 11:32:57 AM »
Tom Peck wrote:
> [...]
> E-Smith sets it self up to automatically deny relays from the
> external network, so this wont be a problem.  The only
> problem will be if you want to use a "traditional client" to
> check your emails from outside the network, then port 110
> will have to be opened up to the outside (it is closed by
> default for security precautions).  IPCHAINS makes this an
> easy task.

As long as you have applied the 4.1.1 updates, you should just be able to set POP access to "public" in the manager. POP access is set to "private" by default, and it should stay that way unless you have a specific reason to do otherwise.

However the software will automatically change the ipchains rules and hosts.allow settings.

> If you are dialling up your ISP (or what ever) to connect to
> the internet then you should be able to send your e-mails via
> their SMTP service should you not?  If this is the case, then
> relaying will not have to be altered on the e-smith box.

Yes. This is also in the FAQ on www.e-smith.org

Gordon
Logged
Pages: [1]   Go Up
« previous next »
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. Experienced User Forum
  4. Topic: Domain setup questions