Re: [EXIM] Bastion host configuration questions

Author: Randall Raemon
Date:
To: Brad Mohning
Cc: exim-users
Subject: Re: [EXIM] Bastion host configuration questions
In message <m0yui7L-0005w8C@???>
Brad Mohning writes:

> We would like our internal mail server to forward all outbound e-mail to our
> bastion host for final delivery.
>
> Has anyone implemented such a scheme in exim? Is it even possible to
> implement such a scheme with relay control?


Yup, the site here has exactly this setup. The firewall bastion machine
receives all mail for the site, and then forwards that mail to the
internal mail hub. For outgoing mail, the mail hub sends everything
thru the bastion machine.

We use a combination of DNS servers to control the MX records, and
Exim configuration to direct the mail according to the MX records.
The bastion host uses a DNS resolver that points to a DNS server
on the internal network. That allows incoming mail to be redirected
to the mail hub (really multiple machines, depending on the domain
name. We also serve some downstream UUCP sites.) The internal DNS
has the "real" routing MX records. DNS servers outside the firewall
simply know how to direct mail to the bastion machine.

The internal mail hub uses the Exim smarthost configuration to
send outbound mail to the bastion machine. Details for smarthost
are in the Exim documentation.

This kind of firewall/mail setup is described fairly well in the
book "Building Internet Firewalls" from O'Reilly & Assocs (www.ora.com).
Recommended reading for securing your site, though it does not
discuss spam problems in any kind of detail.

Good luck

--
Randall Raemon
rlr@???

--
*** Exim information can be found at http://www.exim.org/ ***
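
A sketch of the layout described in the message above, as an added example that is not part of the original post or the poster's actual configuration. It assumes Exim 4 configuration syntax and the stock `remote_smtp` transport (`driver = smtp`); the host name `bastion.example.com`, the domain `example.com` and the address `192.0.2.25` are constructed placeholders.

```exim
######## Internal mail hub: configure fragment ########
# Domains the hub delivers itself (constructed value).
domainlist local_domains = example.com

begin routers

# Everything that is not local goes to the bastion host; the hub
# never looks up Internet MX records on its own.
smarthost:
  driver = manualroute
  domains = ! +local_domains
  transport = remote_smtp
  route_list = * bastion.example.com
  no_more

######## Bastion host: configure fragment ########
# Domains accepted from the Internet and passed inward.
domainlist relay_to_domains = example.com
# Only the internal hub may relay outbound (constructed address).
hostlist relay_from_hosts = 192.0.2.25

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Outbound: the hub may send to any recipient domain.
  accept hosts = +relay_from_hosts
  # Inbound: anyone may send to the site's own domains.
  accept domains = +relay_to_domains
  # Everything else would make the bastion an open relay.
  deny message = relay not permitted

begin routers

# The bastion's resolver points at the internal DNS server, so the MX
# records for example.com seen here name the hub, while other domains
# resolve to their normal Internet MX hosts.
dnslookup:
  driver = dnslookup
  transport = remote_smtp
  no_more
```

Running `exim -bh 203.0.113.7` on the bastion starts a fake SMTP session from that (constructed) outside address, which lets you confirm that a RCPT for a foreign domain is refused before the host goes live.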