Creating a "mail gateway"

Ian Petersen ispeters-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Thu Jun 12 04:33:56 UTC 2008


On Wed, Jun 11, 2008 at 8:59 PM, Lennart Sorensen
<lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org> wrote:
> I have never used OpenVPN, so no idea what it does.  I use openswan
> IPsec for such things.

My understanding, which could be flawed, is that IPSec is a Swiss Army
Chainsaw for doing things with encryption and authentication on the
internet.  OpenVPN is a VPN, nothing more.  The reviews of IPSec that
I've read make it sound like it's complex enough that you have to know
exactly what you're doing or you'll end up creating a really insecure
tunnel, rather than a VPN.  On the other hand, OpenVPN is supposed to
be nearly trivial to install and configure and it's secure by default.
OpenVPN also has the benefit of being cross-platform, so using
OpenVPN means I don't have to rely on Microsoft's IPSec
implementation.  (I have no idea if Microsoft did a good job
implementing IPSec--I don't even know if Microsoft implemented it at
all--but OpenVPN allows me to proceed without caring.)

> If you configure the exchange server to use the private IP of the
> Debian mail server as its mail server to send through, then it won't be
> going through the default route but rather through the VPN to the other
> subnet.

That makes a whole lot of sense.  Now I'm going to have to learn about
configuring a mail server to just ferry mail back and forth.  What
should I be searching for?  "Store and forward"?  I'll look again at
the link Jamon provided, and see what I can find on Google by myself,
but any links or search terms that you think would be helpful would be
much appreciated.

> For example:
>
> exchange server
> 192.168.1.10/24
> default gateway: 192.168.1.1
>
> gateway router
> 192.168.1.1/24
> external IP
> default gateway: internet
> VPN link to hosted server with 192.168.2.0/24 subnet
>
> hosted server
> 192.168.2.1/24 on secondary interface or optionally dummy0
> external IP
> default gateway: internet
> VPN link to gateway router with 192.168.1.0/24 subnet
>
> Both ends of the VPN link know about the other private network and that
> they can route to it through the VPN.  So the exchange server simply has
> to deliver mail to 192.168.2.1 and the hosted mail server delivers
> incoming mail to 192.168.1.10

Thanks for the example--I think that'll help with configuring everything.

Ian
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
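
The routing behaviour in the quoted topology, as an added example that is not part of the original thread: a longest-prefix-match trace showing that mail addressed to the private IPs stays inside the VPN in both directions, while mail addressed to the hosted server's external IP leaves through the gateway's default route. The link labels (`lan`, `vpn`, `wan`) and the address 203.0.113.25 (a documentation-range stand-in for "external IP") are assumptions made for the sketch.

```python
from ipaddress import ip_address, ip_network

# Addresses from the quoted example; 203.0.113.25 is a constructed placeholder
# for the hosted server's unnamed external IP.
ADDRS = {
    "exchange": {"192.168.1.10"},
    "gateway": {"192.168.1.1"},
    "hosted": {"192.168.2.1", "203.0.113.25"},
}

# (prefix, outgoing link, next node). A next node of None means the packet is
# handed to whichever node owns the destination address on that link.
ROUTES = {
    "exchange": [("192.168.1.0/24", "lan", None), ("0.0.0.0/0", "lan", "gateway")],
    "gateway": [("192.168.1.0/24", "lan", None),
                ("192.168.2.0/24", "vpn", "hosted"),
                ("0.0.0.0/0", "wan", None)],
    "hosted": [("192.168.1.0/24", "vpn", "gateway"), ("0.0.0.0/0", "wan", None)],
}

def owner(dst):
    """Return the node that holds dst, or None if no modelled node does."""
    return next((n for n, addrs in ADDRS.items() if dst in addrs), None)

def best_route(node, dst):
    """Longest-prefix match over the node's routing table."""
    matches = [r for r in ROUTES[node] if ip_address(dst) in ip_network(r[0])]
    return max(matches, key=lambda r: ip_network(r[0]).prefixlen)

def trace(src, dst):
    """List the links a packet crosses on its way from node src to address dst."""
    links, node = [], src
    while dst not in ADDRS[node]:
        _, link, nxt = best_route(node, dst)
        links.append(link)
        node = nxt or owner(dst)
        if node is None or len(links) > 8:
            raise ValueError(f"{dst} is unreachable from {src}")
    return links

def leaves_tunnel(src, dst):
    """True when the path uses the plain internet link instead of the VPN."""
    return "wan" in trace(src, dst)

if __name__ == "__main__":
    for src, dst in [("exchange", "192.168.2.1"), ("hosted", "192.168.1.10"),
                     ("exchange", "203.0.113.25")]:
        print(src, "->", dst, trace(src, dst), "outside VPN:", leaves_tunnel(src, dst))
```

The Exchange server's first hop is still its default gateway; it is the more specific 192.168.2.0/24 route on the gateway router that steers the mail into the tunnel.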




