Results 1 to 5 of 5

Thread: email config

  1. #1
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Flint, MI

    email config

    In our current situation we have 2 email servers. Internally, we have a Microsoft Mail server
    that handles all our mail between employees. Every employee has an account on that server.
    Externally, our ISP is hosting our SMTP server to handle our Internet mail. Only certain employees
    have accounts with our ISP.

    Here is the situation. We want to replace Microsoft Mail with a Linux solution. Sendmail, qmail, postfix,
    etc. doesn't matter. Every employee will need an account on this server to handle the internal mail system.
    We also want this machine to pull email in from our ISP's POP server. Here is the problem. Since this
    machine will be running SMTP, how do we restrict which employees have the ability to send mail out of our
    system? We don't want everyone sending messages to the Internet, but some people still have to. But everyone
    still needs to be able to send internal messages.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  2. #2
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    The Great White North
    This is just a thought and may be more work than you planned on but I think you might be able to control it via a Firewall rule(s). My thought here would be to create a rule for those who allowed to send and receive Internet mail which would require the user to authenticate to the firewall (out-bound), once authenticated, those users would be allow to send & receive SMTP, all other users would be dropped at the firewall.
    The downside is the 'authorized' users would have to be trained and remember to authenticate or their mail would be stopped, also, it would have a degree of administration associated to this solution.

    Just a thought Souleman.


  3. #3
    Senior Member
    Join Date
    Jan 2002
    Don't know exactly how you would do it - but presumably it would be possible to write some sort of filter which prevents relaying of messages to an external address if their return path isn't an authorised internal address.

    This doesn't prevent forged messsages from getting out, but stops the users with internal access only from trivially sending messages out to the internet.

    I suppose the next level up would be to insist that all messages relayed out to the internet are digitally signed by a key that has been certified - which makes it difficult to forge. This would also require some effort on the part of admin and users - however it might be desirable for messages to be signed anyway.

    Users of other external mail systems that don't understand the signatures would be ok though they'd just see a bit of cruft along with the messages.

  4. #4
    Senior Member
    Join Date
    Nov 2001
    make sure the people who need to send external mail have win2k. configure the smtp server on each mach to send, and point their client to loopback. Everyone else internelly can use the linux smtp server and everyone uses the pop server. You interal DNS machines should send internel mail from the 2k machines to the destinations on the linux box without passing you gateway.

    your firewall would need to be set for any outgoing smtp or list all the allowed machines
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  5. #5
    Senior Member
    Join Date
    Nov 2001
    argosoft has a freeware version of their mail sever that would also work. you could also keep the ms server on the network just for outgoing mail, set a password to athentacate and set it in the clients.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts