[exim] Faking an external SMTP server authenticated and with…

Author: Marco Gaiarin
Date:  
To: exim-users
Subject: [exim] Faking an external SMTP server authenticated and with TLS...

In our organization there's a well-defined (and mostly exim-based) internal
(on the WAN) email routing. Internally every site has a 'mail' alias that
points to an unauthenticated and unencrypted local server, so mobile users can
move from site to site and send email transparently.

But we have also some other users that use an external domain (say
verylongname.it), and so receive email via IMAPS from imap.verylongname.it
and send email (authenticated and encrypted) to mail.verylongname.it.

But for now, and I think for a long time, most of the recipients will be
internal, so it is really stupid to simply 'pinhole' the firewall and let
the email go out, only to see it come back from the border gateway.

I'm thinking about:

1) overload 'mail.verylongname.it' in the internal DNS, and this is very
easy.

2) enable TLS on exim, and configure it to simply ignore authentication (or,
better, accept for 'mail.verylongname.it' any user and password provided).


The only remaining trouble is the certificate mess (the internal server replies
as the external one, but with the wrong certificate), but I think this can be
cured client-side.

Can point 2) be done in some way? Thanks.

-- 
  They say the mafia launders its dirty money in government bonds. But that's
  only natural: would you want the mafia to entrust its money to strangers?
                            (Beppe Grillo)
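
An added illustration of point 2), not part of the original message and not a reply from the list: Exim settings that offer TLS and accept any AUTH PLAIN/LOGIN credentials. Because a successful AUTH proves nothing here, relaying is decided by source address alone. The 10.0.0.0/8 network, the certificate paths and the names internal_nets, acl_check_rcpt, accept_any_plain and accept_any_login are assumptions.

```exim
# --- main section ---
# Constructed example network; replace with the real internal ranges.
hostlist internal_nets = 10.0.0.0/8

# Offer STARTTLS only to internal clients. Paths are placeholders.
tls_advertise_hosts = +internal_nets
tls_certificate = /etc/exim4/placeholder-mail.crt
tls_privatekey  = /etc/exim4/placeholder-mail.key

# Advertise AUTH only once TLS is active, and only to internal clients,
# so the passwords users type for the external service never cross the
# wire in clear text.
auth_advertise_hosts = ${if eq{$tls_in_cipher}{}{}{10.0.0.0/8}}

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Do NOT use "accept authenticated = *" with the authenticators below:
  # every AUTH succeeds, so that line would turn the host into an open
  # relay for anyone who can reach it. Trust the source address instead.
  accept  hosts   = +internal_nets
  deny    message = relay not permitted

begin authenticators

# server_condition = true makes every credential pair succeed.
accept_any_plain:
  driver           = plaintext
  public_name      = PLAIN
  server_prompts   = :
  server_condition = true
  server_set_id    = $auth2

accept_any_login:
  driver           = plaintext
  public_name      = LOGIN
  server_prompts   = Username:: : Password::
  server_condition = true
  server_set_id    = $auth1
```

The value stored by server_set_id is whatever the client typed, so $authenticated_id in logs and headers is unverified and should not be used for accounting or sender checks.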