Autor: Bill Moseley Datum: To: Exim Users Mailing List Betreff: Re: [Exim] I wish HELO had never been thought of!
On Fri, May 16, 2003 at 03:04:31PM -0400, Greg A. Woods wrote: > [ On Friday, May 16, 2003 at 05:28:18 (-0700), moseley@??? wrote: ]
> > Subject: Re: [Exim] I wish HELO had never been thought of!
> >
> > So what's the proper exim setup when machines are on a NAT'ed network?
>
> The NAT _MUST_ appear to be invisible for all intents and purposes, no
> matter which way the SMTP connection is going through it.
I assume that does not include a received header that might track internal flow.
> If you can't get the mailer behind the NAT to work properly and
> transparently and fully honour all the rules of SMTP and DNS, just as if
> the NAT were not there, then you have a bogus and invalid configuration.
So the options suggested so far:
- use a smarthost
- spoof my HELO to be my NAT machine so reverse works
- add "external" view DNS A records for my internal machines all pointing to my NAT machine
so reverse works.
I think the smarthost is the best plan, and then pick some method to securely use the
smarthost when I'm on the outside of the smarthost.