raymond breen wrote:
> Hi Guys,
>
> Just recently installed shorewall and had it up and running in no time
> with the basic config. I have installed and configured sendmail and
> would like to use it as a relay to our internal exchange server. I have
> set up the relay domains and domain routing so sendmail should be sorted
> out.
>
> I have set up the following rules but have not got any errors besides a
> refused connection when I receive email, seeing as this is a live
> firewall and live mail, I don't want to be taking it up and down like a
> yoyo, never mind potentially losing mail, so any advice would be greatly
> appreciated guys :)
So you are not seeing any "Shorewall" messages?
>
> # Allow inbound e-mail from internet to sendmail server.
> DNAT net fw:10.1.1.77 tcp smtp
Are you having sendmail only listen on this internal IP address? If so
WHY? If you configure sendmail to listen on 0.0.0.0, then you can do
what the other 99.99999% of users would do in this case and:
ACCEPT net fw tcp smtp
>
> # Allow inbound e-mail to be relayed to exchange
> #ACCEPT net loc:10.1.1.254 tcp smtp
>
> # Allow sendmail to send DSN's
> ACCEPT fw net tcp smtp
>
You of course also need:
ACCEPT fw z:<xchange IP> tcp smtp
where 'z' is the zone where your Exchange server resides.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
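
Added example, not part of the original thread: one way to answer the question above about which address sendmail is listening on, by classifying the SMTP listener from `ss -H -ltn` output. The function name `smtp_listen_scope` and the sample socket lines are constructed for illustration.

```shell
#!/bin/sh
# Classify how a TCP listener is bound, reading `ss -H -ltn` output on stdin.
# Usage: ss -H -ltn | smtp_listen_scope [port]     (port defaults to 25)
# Prints: wildcard | specific:<addr[,addr...]> | loopback-only | none
smtp_listen_scope() {
    awk -v port="${1:-25}" '
    $1 == "LISTEN" {
        la = $4                          # local address:port column
        n = match(la, /:[0-9]+$/)        # port follows the last colon
        if (!n) next
        addr = substr(la, 1, n - 1)
        if (substr(la, n + 1) != port) next
        sub(/^\[/, "", addr)             # strip IPv6 brackets
        sub(/\]$/, "", addr)
        sub(/%.*$/, "", addr)            # strip interface scope (addr%eth0)
        if (addr == "0.0.0.0" || addr == "*" || addr == "::") wild = 1
        else if (addr ~ /^127\./ || addr == "::1") loop = 1
        else if (!(addr in seen)) {
            seen[addr] = 1
            list = list (list ? "," : "") addr
        }
    }
    END {
        if (wild) print "wildcard"
        else if (list != "") print "specific:" list
        else if (loop) print "loopback-only"
        else print "none"
    }'
}

# Constructed sample: sendmail bound to loopback and one internal address only.
SAMPLE_INTERNAL_ONLY='LISTEN 0 10 127.0.0.1:25 0.0.0.0:*
LISTEN 0 10 10.1.1.77:25 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Constructed sample: sendmail listening on 0.0.0.0.
SAMPLE_WILDCARD='LISTEN 0 10 0.0.0.0:25 0.0.0.0:*'

printf '%s\n' "$SAMPLE_INTERNAL_ONLY" | smtp_listen_scope 25
printf '%s\n' "$SAMPLE_WILDCARD" | smtp_listen_scope 25
```

A result of `wildcard` is the case where the plain `ACCEPT net fw tcp smtp` rule applies; `specific:` or `loopback-only` means connections to the firewall's external address will be refused by sendmail itself, whatever the Shorewall rules say.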