General Information on Secure Mail Servers
The mail handler on the Firewall will forward all incoming
mail to a centralized mail handler to store and route mail to and from
the hosts in the inside network. Use this function to identify the
appropriate servers.
When you add a service, that service is enabled. When you remove a
service, that service is disabled.
Note: For security purposes, mail should be sent from the Firewall itself only when the administrator has a telnet session open to the Firewall on port 25, that is, by handing the message to the Firewall's own mail gateway over SMTP. Mail sent locally with the AIX mail facility bypasses the Firewall mail gateway, so the secure domain name of the Firewall may be exposed to the outside world (for example in the message headers).
Hints for Configuring Firewall Mail Services:
- Configuring internal mail servers with two domains, secure and non-secure:
If you do not want your internal domain to be visible to the outside
world, configure the internal mail server with two domains: a secure
domain (the internal domain) and a non-secure domain (the external or
public domain). Once this is done, mail from the outside world is
received addressed to user@outside_domain, and the internal domain does not
appear in the addresses seen outside. For this to work, the external DNS, the
internal DNS and the internal mail server must all be configured correctly.
- Configuring internal mail servers with the same domain externally and internally:
If you want your internal and external domain to be the same, configure
the internal mail server with that single domain name; use the same name
for the external and the internal domains when configuring Mail. Once this
is done, mail from the outside world is received addressed to
user@inside.domain.
- External DNS: the outside world should know you by your domain name.
That is, the external DNS should carry either an address record, which looks as follows:
domain.company.com. 999999 IN A xxx.xxx.xxx.xxx
where xxx.xxx.xxx.xxx is the IP address of the non-secure
interface on the Firewall,
or an MX record, which looks as follows:
domain.company.com. 999999 IN MX 0 fwall
where fwall is the hostname of the non-secure interface on
the Firewall. An MX target must be a hostname, not an IP address, so this
hostname must itself be defined in the data file on the external DNS as follows:
fwall 999999 IN A xxx.xxx.xxx.xxx
(A trailing dot marks a fully qualified name; a name without one is relative
to the zone's origin.) If you are connecting to the Internet, ask your Internet
Service Provider (ISP) to put these entries in their DNS.
- Internal mailserver: the internal mailserver should be configured so
that mail not destined for your local domains is relayed to the
Firewall, which in turn delivers it externally.
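The three mail rules in the hints above (relay non-local mail to the Firewall, rewrite the secure domain to the public one in the two-domain setup, and the Note's warning that locally submitted mail can still carry the secure name) can be modelled in a few lines. The following Python is an added example written for this page, not code from the Firewall product; the domain names inside.domain and fwall.company.com, the header list and the sample message are assumptions constructed for the demonstration.

```python
"""Added example: model of the Firewall mail gateway rules described above.
Domain and host names are assumed values, not taken from the product."""
import email

SECURE_DOMAIN = "inside.domain"        # internal (secure) domain, assumed
PUBLIC_DOMAIN = "domain.company.com"   # external (non-secure) domain, from the text
FIREWALL_RELAY = "fwall.company.com"   # non-secure interface hostname, assumed
REWRITTEN_HEADERS = ("From", "Sender", "Reply-To", "Return-Path")

# Constructed message as it might look if submitted with the local AIX mail
# facility on the Firewall: the Received line already names the secure host.
RAW = """Received: from fwall.inside.domain (localhost [127.0.0.1])
\tby fwall.inside.domain with local mail facility
From: Alice <alice@inside.domain>
Reply-To: alice@inside.domain
To: bob@example.net
Subject: constructed test message

hello
"""


def route(recipient, local_domains, relay=FIREWALL_RELAY):
    """Internal mailserver rule: deliver locally when the recipient's domain
    is one of ours, otherwise hand the message to the Firewall."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    if domain in {d.lower() for d in local_domains}:
        return ("local", domain)
    return ("relay", relay)


def masquerade(raw, secure=SECURE_DOMAIN, public=PUBLIC_DOMAIN):
    """Two-domain configuration: rewrite originator headers so that
    user@secure leaves as user@public. With one domain on both sides
    (secure == public) there is nothing to rewrite."""
    if secure.lower() == public.lower():
        return raw
    msg = email.message_from_string(raw)
    for name in REWRITTEN_HEADERS:
        values = msg.get_all(name)
        if not values:
            continue
        del msg[name]                       # drop every instance, then re-add rewritten
        for value in values:
            msg[name] = value.replace("@" + secure, "@" + public)
    return msg.as_string()


def secure_domain_leaks(raw, secure=SECURE_DOMAIN):
    """Names of headers that still mention the secure domain. Received:
    lines added before the gateway saw the message are the usual culprit,
    which is why locally submitted mail on the Firewall is a problem."""
    msg = email.message_from_string(raw)
    return [name for name, value in msg.items() if secure.lower() in value.lower()]
```

Running masquerade() over the sample message rewrites From: and Reply-To:, but secure_domain_leaks() still reports the Received: header, which is exactly the exposure the Note describes: header rewriting at the gateway cannot undo trace headers added by a local submission that bypassed it.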
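The external DNS hint above lists the records an outside MTA needs, and the usual mistakes are an MX that names an address instead of a host, an MX target with no A record, or a target that resolves to something other than the Firewall's non-secure interface. The following Python is an added example written for this page (not part of the Firewall product) that parses a constructed zone fragment offline and reports those mistakes; the address 192.0.2.10, the origin company.com. and the sample records are assumptions standing in for the xxx.xxx.xxx.xxx placeholders in the text.

```python
"""Added example: sanity-check the external DNS records that let outside
MTAs find the Firewall's non-secure interface. Works on a constructed zone
fragment; it does not query a live name server."""
import ipaddress

# Constructed zone fragment mirroring the records shown in the text.
# 192.0.2.10 stands in for the non-secure interface address (xxx.xxx.xxx.xxx).
SAMPLE_ZONE = """
domain.company.com.   999999 IN MX 0 fwall
fwall                 999999 IN A  192.0.2.10
"""

# Constructed counter-example: one MX names an address literal, the other
# names a host whose A record is not the Firewall.
BROKEN_ZONE = """
domain.company.com.   999999 IN MX 0  192.0.2.10
domain.company.com.   999999 IN MX 10 mail
mail                  999999 IN A  192.0.2.99
"""


def is_ip_literal(name):
    """True if 'name' is an IPv4/IPv6 address rather than a hostname."""
    try:
        ipaddress.ip_address(name.rstrip("."))
        return True
    except ValueError:
        return False


def qualify(name, origin):
    """Turn a relative owner or target name into a fully qualified one."""
    if name == "@":
        return origin
    return name if name.endswith(".") else "%s.%s" % (name, origin)


def parse_zone(text, origin="company.com."):
    """Parse 'owner TTL IN TYPE rdata...' lines into (owner, ttl, type, rdata)."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()       # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) < 5 or parts[2].upper() != "IN":
            raise ValueError("unrecognised zone line: %r" % raw)
        owner, ttl, rtype, rdata = qualify(parts[0], origin), int(parts[1]), parts[3].upper(), parts[4:]
        if rtype == "MX":
            target = rdata[1]
            rdata = [int(rdata[0]), target if is_ip_literal(target) else qualify(target, origin)]
        elif rtype == "CNAME":
            rdata = [qualify(rdata[0], origin)]
        records.append((owner, ttl, rtype, rdata))
    return records


def check_mail_records(records, mail_domain, firewall_ip):
    """Return a list of problems; an empty list means outside MTAs can
    resolve mail_domain to the Firewall's non-secure address."""
    a_records, cnames, mx_records = {}, set(), []
    for owner, _ttl, rtype, rdata in records:
        if rtype == "A":
            a_records.setdefault(owner, set()).add(rdata[0])
        elif rtype == "CNAME":
            cnames.add(owner)
        elif rtype == "MX" and owner == mail_domain:
            mx_records.append(tuple(rdata))

    problems = []
    if mx_records:
        for pref, target in sorted(mx_records):
            if is_ip_literal(target):
                problems.append("MX %d %s: target must be a hostname, not an address" % (pref, target))
            elif target in cnames:
                problems.append("MX %d %s: target is a CNAME, point it at the A record instead" % (pref, target))
            elif target not in a_records:
                problems.append("MX %d %s: target has no A record in the zone" % (pref, target))
            elif a_records[target] != {firewall_ip}:
                problems.append("MX %d %s: resolves to %s, not the Firewall's non-secure address %s"
                                % (pref, target, sorted(a_records[target]), firewall_ip))
    elif mail_domain in a_records:
        if a_records[mail_domain] != {firewall_ip}:
            problems.append("A %s: resolves to %s, not the Firewall's non-secure address %s"
                            % (mail_domain, sorted(a_records[mail_domain]), firewall_ip))
    else:
        problems.append("no MX or A record for %s" % mail_domain)
    return problems
```

check_mail_records(parse_zone(SAMPLE_ZONE), "domain.company.com.", "192.0.2.10") returns an empty list, while the broken fragment produces one problem per MX. The same checks apply to whatever the ISP actually publishes: compare their zone against the non-secure interface address before expecting inbound mail to arrive.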
Further Information