LinuxQuestions.org


Killer Bassist 11-29-2005 05:35 PM

Need Advice; 3 NIC's; High Volume Mail Server; Sendmail; Iptables?
 
Good day
Hello again to the linux questions community.
I am seeking advice as to how I should set up a High Volume Mail Server with sendmail. The unit has 3 Intel 1000 Pro NICs that I have already set up, and they are working fine as far as connectivity is concerned. Two of them have static addresses, and one (that I use for administrative duties only) is DHCP. Perhaps in the future I'll set it up as a failsafe device.

Here is the desired outcome. I would like to set up the machine so one of the NICs exclusively sends mail to the outside relay. I don't want it to accept any traffic aside from whatever is needed for reverse DNS lookups (if any?). The second NIC I would like to accept incoming SMTP connections.

I have already put a line in my .mc reading
Code:

DAEMON_OPTIONS(`Port=smtp,Addr=IP_ADDR, Name=MTA')dnl

If I am not mistaken, this will tell sendmail to only listen on the one adapter for smtp connections. To limit the connectivity on the other device, should I use IPTables? Any advice? An alternate suggestion on how I should set up this system? Is it sendmail that stipulates the outgoing device, or is it another daemon of sorts?

Any advice that you are willing to give, I'll listen to.

Thanks, Dylan

XOR007 12-02-2005 02:02 PM

You are on track: DAEMON_OPTIONS(`Port=smtp,Addr=IP_TO_LISTEN_ON, Name=MTA')dnl should be enough. But if I were you I would drop port 25 traffic on the other eths using iptables. Good luck!

Killer Bassist 12-02-2005 03:33 PM

Thanks a bundle =D

XOR007 12-04-2005 11:40 PM

Quote:

Originally Posted by Killer Bassist
Good day
... Two of them have static addresses, and one (that I use for administrative duties only) is DHCP...

...
I have already put a line in my .mc reading
Code:

DAEMON_OPTIONS(`Port=smtp,Addr=IP_ADDR, Name=MTA')dnl

If I am not mistaken, this will tell sendmail to only listen on the one adapter for smtp connections...

Since you are talking about a high volume mail server, notice that if the two static addresses are public and reachable through a router, the DAEMON_OPTIONS line changes almost nothing. The DAEMON_OPTIONS line only tells sendmail to handle packets that have destination address IP_ADDR.

Also remember to restrict relaying through /etc/mail/access.

Quote:

To limit the connectivity on the other device, should I use IPTables? Any advice? An alternate suggestion on how I should set up this system? Is it sendmail that stipulates the outgoing device, or is it another daemon of sorts?

Any advice that you are willing to give, I'll listen to.

Thanks, Dylan

Do you have multiple routes to the internet with bandwidth constraints?

Routing of any internet protocol traffic is done by the kernel, more precisely netfilter, which you can administer through iptables.

You can never say it too much: an open relay will not last a few hours on the internet before being suspended by the ISP for abuse.

Good luck :)
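
The firewall side of the advice in this thread, as an added example that is not part of any post: a shell function that emits an iptables-restore ruleset accepting new SMTP connections only on the inbound NIC. The interface names and the SSH rule on the administrative NIC are assumptions; replies to the server's own outbound SMTP and DNS traffic are let back in by connection tracking.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the three-NIC mail
# server layout described in the thread. Nothing is applied by this script.

smtp_ruleset() {
    in_if=$1    # NIC that accepts incoming SMTP (the Addr= in DAEMON_OPTIONS)
    out_if=$2   # NIC used only to send mail to the outside relay
    adm_if=$3   # DHCP NIC used for administration

    # Refuse empty or odd names so nothing unexpected lands in the ruleset.
    for i in "$in_if" "$out_if" "$adm_if"; do
        case $i in
            ''|*[!A-Za-z0-9_.-]*)
                echo "bad interface name: '$i'" >&2
                return 1 ;;
        esac
    done
    if [ "$in_if" = "$out_if" ] || [ "$in_if" = "$adm_if" ] ||
       [ "$out_if" = "$adm_if" ]; then
        echo "the three interfaces must be distinct" >&2
        return 1
    fi

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened (outbound SMTP, DNS lookups).
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New SMTP connections are accepted on the inbound NIC only.
-A INPUT -i $in_if -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
# Explicit drops for port 25 on the other NICs; the DROP policy already
# covers them, the rules document the intent and give per-rule counters.
-A INPUT -i $out_if -p tcp --dport 25 -j DROP
-A INPUT -i $adm_if -p tcp --dport 25 -j DROP
# Assumption: administration is done over SSH on the DHCP NIC.
-A INPUT -i $adm_if -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Assumed interface names (constructed): eth1 inbound, eth0 outbound, eth2 admin.
smtp_ruleset eth1 eth0 eth2
```

Pipe the output to `iptables-restore --test` to have the ruleset parsed without being committed.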


All times are GMT -5.