Creating a "mail gateway"

Ian Petersen ispeters-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Wed Jun 11 19:08:22 UTC 2008


Hi list,

My father is stuck using Rogers as his ISP because the DSL connection
in his area is terrible.  He runs a business from home and uses
Exchange for his email server.  (He's somewhat married to Microsoft,
despite 6 or 7 years of me trying to change his mind--Exchange isn't
going anywhere anytime soon.)

As was mentioned on this list, Rogers has recently made it a
requirement that you log in to some web interface and add all your
outgoing email addresses to some list before their relay will allow
your email to pass.  My father is unwilling to use this interface on
principle.  I told him we could probably make use of a virtual private
server running Linux to get around Rogers' annoyances.  I imagined
that he could rent something like a Slicehost machine, set up a VPN
between home and the VPS, and then arrange his network such that mail
comes and goes through the VPS, rather than through his Rogers IP.

We went ahead and created a Slicehost account and it's configured with
Debian Etch.  I've secured it as best I know how and intend to spend
Father's Day making OpenVPN work on the Debian machine and on a
machine at my father's house.  I realized, though, that my cursory
understanding of TCP/IP routing might be getting in my way here.  I
was expecting to configure his mail server to use the Debian machine
as the default gateway (i.e. the mail server would get to the internet
by going across the VPN and out the Debian machine), and have the
Debian machine port-forward the incoming mail port (25?) directly to
his mail server.  I figured this would be a minimally-invasive change
to his network settings and should "just work".  I realized, though,
that it may not be so simple because whichever machine is running the
OpenVPN connection needs to know to use the Rogers cable modem as the
default gateway in order to get the tunneled packets out to the
internet in the first place, and you can't have two default gateways.

Can someone here suggest a solution?  What I'd like is for my father's
DNS records to have the Debian machine's IP in their MX records, and
for his Exchange server to be able to send and receive email through
the Debian machine so he can ignore all of Rogers' nonsense.  As I
mentioned in a previous post to this list, I have a copy of "Linux
Networking Cookbook", so I think I'll be able to set up iptables to do
whatever port-forwarding and routing is necessary, but I'm struggling
with the overall network architecture.

Thanks,
Ian
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
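
The "two default gateways" concern raised in the post can be modelled with
longest-prefix-match routing. This is an added example, not part of the
original message; it mirrors the route layout that OpenVPN's
`redirect-gateway def1` option installs. All addresses, interface names and
function names are constructed assumptions.

```python
import ipaddress

# Constructed values, not taken from the original post.
VPS_PUBLIC = "203.0.113.10"   # assumed public IP of the VPS (OpenVPN server)
CABLE_GW = "192.168.1.1"      # assumed LAN address of the Rogers cable modem
TUNNEL_PEER = "10.8.0.1"      # assumed address of the VPS inside the VPN

def lookup(table, dst):
    """Return (gateway, device) of the most specific route matching dst."""
    addr = ipaddress.ip_address(dst)
    matches = []
    for net, gw, dev in table:
        network = ipaddress.ip_network(net)
        if addr in network:
            matches.append((network.prefixlen, gw, dev))
    if not matches:
        raise LookupError(f"no route to {dst}")
    # The kernel picks the longest prefix, so a /32 beats a /1 beats a /0.
    _, gw, dev = max(matches, key=lambda m: m[0])
    return gw, dev

def tunnel_everything(table, vpn_server, isp_gw, isp_dev, peer, tun_dev):
    """Send all traffic through the tunnel without touching the default route.

    A /32 host route keeps the encrypted tunnel packets on the ISP link,
    and two /1 routes together cover every address while still being more
    specific than the existing 0.0.0.0/0 entry.
    """
    return table + [
        (f"{vpn_server}/32", isp_gw, isp_dev),
        ("0.0.0.0/1", peer, tun_dev),
        ("128.0.0.0/1", peer, tun_dev),
    ]

# Routing table of the home machine that runs the OpenVPN client.
BEFORE = [
    ("0.0.0.0/0", CABLE_GW, "eth0"),     # the one real default gateway
    ("192.168.1.0/24", None, "eth0"),    # on-link LAN, no gateway needed
]
AFTER = tunnel_everything(BEFORE, VPS_PUBLIC, CABLE_GW, "eth0",
                          TUNNEL_PEER, "tun0")

if __name__ == "__main__":
    for dst in (VPS_PUBLIC, "198.51.100.25", "192.168.1.50"):
        print(dst, "->", lookup(AFTER, dst))
```

The original default route stays in place, so if the tunnel goes down and
its routes are withdrawn, traffic falls back to the cable modem.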




