I. Preparation:
Address: assume that the permanent external address of the firewall Linux server is a.b.c.d (eth0) and its internal NIC address is 192.168.11.5 (eth1), machine name firewall.domain.com; the internal email server address is 192.168.11.1, machine name mail.domain.com; the host name entered during domain registration is dns.domain.com (a.b.c.d).
Idea: first configure the DNS server to resolve the domain.com domain and set the MX record to the internal email host mail.domain.com. Use this firewall only as the mail relay host: any mail sent from the outside world to the @domain.com domain is processed by it and relayed to the internal email host. Only mail addressed to @domain.com is accepted, which prevents spammers from sending spam through it.
On the internal email server, set the DS entry of Sendmail to firewall.domain.com so that any mail sent to non-internal recipients goes directly to firewall.domain.com, and set domain.com as the local domain so that any mail sent to the @domain.com domain is processed by the internal aliases and delivered to the mail spool of the internal users.
Traveling users: if a company employee on a business trip needs to receive mail from the company's server, one way is to dial a local ISP directly and set the incoming mail server to mail.domain.com. mail.domain.com must then resolve to the permanent external address of the firewall, so that a plug-gw proxy can be set up on the firewall to proxy any request to port 110 of the firewall's external address to port 110 of the internal host 192.168.11.1.
Another method is to set up a Linux dial-in server so that the employee dials in to the company directly to receive mail.
II. Sendmail configuration and related settings
(1) Sendmail configuration on the firewall:
We use Redhat Linux 6.1 and Sendmail 8.9.3 as the operating environment:
The configuration of the operating system and firewall is omitted. We recommend a 3c905b or Intel Pro100 NIC. Configure DNS first.
Set /etc/named.conf as follows:
================
zone "." {
        type hint;
        file "named.ca";
};
zone "0.0.127.in-addr.arpa" {
        notify no;
        type master;
        file "127.0.0";
};
zone "11.168.192.in-addr.arpa" {
        notify no;
        type master;
        file "192.168.11";
};
zone "domain.com" {
        notify no;
        type master;
        file "domain.com";
};
The file 192.168.11 is as follows:
@       IN SOA dns.domain.com. root.mail.domain.com. (
        1999092201 86400 3600 3600000 86400 )
        NS  dns.domain.com.
1       PTR mail.domain.com.
5       PTR firewall.domain.com.
The file domain.com is as follows:
@       IN SOA dns.domain.com. root.mail.domain.com. (
        1999120401 86400 3600 3600000 86400 )
        NS  dns.domain.com.
        A   a.b.c.d
        MX  10 mail.domain.com.
firewall A  a.b.c.d
mail     A  a.b.c.d
dns      A  a.b.c.d
Add the following lines to /etc/hosts:
192.168.11.1 mail.domain.com mail
192.168.11.5 firewall.domain.com firewall
================
To configure Sendmail, first create the sendmail.mc file that is used to generate /etc/sendmail.cf. The Red Hat installation provides a default redhat.mc in the /usr/lib/sendmail-cf/cf directory.
We changed it to the following:
==============
divert(-1)
dnl This is the macro config file used to generate the /etc/sendmail.cf
dnl file. If you modify this file you will have to regenerate
dnl /etc/sendmail.cf by running this macro config through the m4
dnl preprocessor:
dnl
dnl   m4 /etc/sendmail.mc > /etc/sendmail.cf
dnl
dnl You will need to have the sendmail-cf package installed for this to
dnl work.
include(`../m4/cf.m4')
define(`confDEF_USER_ID',``8:12'')
OSTYPE(`linux')
undefine(`UUCP_RELAY')
undefine(`BITNET_RELAY')
define(`confAUTO_REBUILD')
define(`confTO_CONNECT', `1m')
define(`confTRY_NULL_MX_LIST',true)
define(`confDONT_PROBE_INTERFACES',true)
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')
define(`ALIAS_FILE',`/etc/mail/aliases')
FEATURE(`smrsh',`/usr/sbin/smrsh')
FEATURE(`mailertable',`hash -o /etc/mail/mailertable')
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')
FEATURE(`domaintable',`hash -o /etc/mail/domaintable')
FEATURE(redirect)
FEATURE(always_add_domain)
FEATURE(use_cw_file)
FEATURE(local_procmail)
MAILER(procmail)
MAILER(smtp)
FEATURE(`access_db')
FEATURE(`blacklist_recipients')
dnl We strongly recommend to comment this one out if you want to protect
dnl yourself from spam. However, the laptop and users on computers that do
dnl not have 24x7 DNS do need this.
dnl FEATURE(`accept_unresolvable_domains')
dnl FEATURE(`relay_based_on_MX')
==================
Then use m4 redhat.mc > sendmail.cf to generate sendmail.cf and put it in the /etc directory. Perform the following operations:
1. In /etc/sendmail.cf, change the Fw definition to Fw/etc/mail/sendmail.cw and create an empty sendmail.cw file (# touch /etc/mail/sendmail.cw).
2. Change /etc/mail/mailertable as follows:
domain.com relay:[192.168.11.1]
Run makemap hash /etc/mail/mailertable.db < /etc/mail/mailertable
3. Add the following line to /etc/mail/access:
domain.com RELAY
Run makemap hash /etc/mail/access.db < /etc/mail/access
Note: you do not need to set /etc/mail/relay-domains, because only mail sent to the @domain.com domain is accepted, and that can be done through access. After mail with the suffix @domain.com is received, it is immediately forwarded to the internal host 192.168.11.1.
4. Add the following line to /etc/mail/relay-domains (if the file does not exist, use vi to create it):
192.168.11.1
Note: only the mail host mail.domain.com (192.168.11.1) on the intranet segment can send mail to it. Users on the intranet segment cannot set their SMTP server to firewall.domain.com (192.168.11.5).
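The relay policy expressed by the firewall's access and relay-domains tables, and by the relay-domains and sendmail.cw entries used on the internal host in section (2), can be checked on paper before deployment. The following is an added example, not part of the original article and not sendmail's own rulesets: the function names are hypothetical, 203.0.113.9 and other.example are constructed stand-ins for outside parties, and the client is matched by IP address only (sendmail also considers the client host name).

```python
# Added example: simplified model of the relay policy, not sendmail's rulesets.
# Assumption: the client is matched by IP only; names below are hypothetical.

def load(text):
    """Parse map source text into {key: value}; value is '' for one-column files."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)
        if fields:
            table[fields[0].lower()] = fields[1].strip().upper() if len(fields) > 1 else ""
    return table

def ip_matches(ip, table, want=None):
    """Match by whole dotted components (192.168.11.10 must not hit key 192.168.11.1)."""
    parts = ip.split(".")
    keys = (".".join(parts[:n]) for n in range(len(parts), 0, -1))
    return any(k in table and (want is None or table[k] == want) for k in keys)

def domain_matches(domain, table, want=None):
    """Match the domain itself or any parent domain against the table keys."""
    labels = domain.lower().split(".")
    keys = (".".join(labels[i:]) for i in range(len(labels)))
    return any(k in table and (want is None or table[k] == want) for k in keys)

def relay_allowed(client_ip, rcpt, access, relay_domains, local=()):
    """True if mail from client_ip addressed to rcpt is accepted."""
    domain = rcpt.rsplit("@", 1)[1].lower()
    if domain in local:                                   # sendmail.cw entry
        return True
    if domain_matches(domain, access, "RELAY") or domain_matches(domain, relay_domains):
        return True                                       # allowed by recipient domain
    return ip_matches(client_ip, access, "RELAY") or ip_matches(client_ip, relay_domains)

# Tables as configured on this page.
FW_ACCESS = load("domain.com RELAY")   # firewall /etc/mail/access
FW_RELAY = load("192.168.11.1")        # firewall /etc/mail/relay-domains
MAIL_RELAY = load("192.168.11")        # internal host /etc/mail/relay-domains
MAIL_LOCAL = ("domain.com",)           # internal host /etc/mail/sendmail.cw

if __name__ == "__main__":
    # Constructed probes: 203.0.113.9 and other.example stand for outside parties.
    for ip, rcpt in [("203.0.113.9", "jephe@domain.com"),
                     ("203.0.113.9", "user@other.example"),
                     ("192.168.11.1", "user@other.example"),
                     ("192.168.11.10", "user@other.example")]:
        print("firewall", ip, rcpt, relay_allowed(ip, rcpt, FW_ACCESS, FW_RELAY))
```

On the firewall only the first and third probes are accepted; widening its relay-domains entry to 192.168.11 would also accept the fourth, which is the behavior intended only for the internal host.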
(2) Configuration of the internal email host mail.domain.com:
Use the sendmail.cf file generated above and make the following changes.
1. /etc/hosts
192.168.11.5 firewall.domain.com firewall
192.168.11.1 mail.domain.com mail
2. /etc/resolv.conf
search domain.com
nameserver 192.168.11.5
3. Add the following line to /etc/mail/relay-domains (if this file does not exist, use vi to create it):
192.168.11
Note: this allows users on the intranet segment to send mail to it and allows the firewall machine to forward mail from outside.
4. Add the following line to /etc/mail/sendmail.cw:
domain.com
Note: mail sent to @domain.com from the intranet segment is treated as addressed to the local host/domain, and the /etc/mail/aliases file is used to look up the alias.
5. Set the alias file /etc/mail/aliases
Assume that there are three users in the domain. The email accounts are jephe, jack, and tony.
The alias file is set as follows:
jephe: jephe@mail.domain.com
jack: jack@mail.domain.com
tony: tony@mail.domain.com
Note: in this way you can maintain a common address book on the LAN for all internal users. The address book can use jephe@domain.com, jack@domain.com, and tony@domain.com, which are also the public addresses.
6. Set DS in /etc/sendmail.cf to DSfirewall.domain.com.
Note: all mail not addressed to the @domain.com domain is forwarded to the firewall for processing, which sends it directly to its destination after a DNS MX lookup.
7. Set DM in /etc/sendmail.cf to DMdomain.com.
Other functions:
8. Set the /etc/mail/access file to block spam from some domains/addresses.
9. Set /etc/mail/domaintable to rewrite some domains. If your company's domain name is easily mistyped, for example users often mistype jephe@domain.com as jephe@doman.com, you can add the line below to /etc/mail/domaintable and then, as before, run makemap hash /etc/mail/domaintable.db < /etc/mail/domaintable
-----
doman.com domain.com
-----
You can also put doman.com in /etc/mail/sendmail.cw to achieve the same purpose, whether the mail is sent to jephe@domain.com or jephe@doman.com.
(3) Windows client configuration
For Windows clients on the LAN, the sending/receiving mail server is set to mail.domain.com and the DNS server to 192.168.11.5, and a common address book maintained by the network administrator, containing the email addresses of all users in the company, is used. You can set up a DHCP server on the internal email server to configure these settings automatically for each Windows client.