Creating a "mail gateway"
Ian Petersen
ispeters-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Thu Jun 12 04:33:56 UTC 2008
On Wed, Jun 11, 2008 at 8:59 PM, Lennart Sorensen
<lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org> wrote:
> I have never used OpenVPN, so no idea what it does. I use openswan
> IPsec for such things.
My understanding, which could be flawed, is that IPSec is a Swiss Army
Chainsaw for doing things with encryption and authentication on the
internet. OpenVPN is a VPN, nothing more. The reviews of IPSec that
I've read make it sound like it's complex enough that you have to know
exactly what you're doing or you'll end up creating a really insecure
tunnel, rather than a VPN. On the other hand, OpenVPN is supposed to
be nearly trivial to install and configure and it's secure by default.
OpenVPN also has the benefit of being cross-platform, so using
OpenVPN means I don't have to rely on Microsoft's IPSec
implementation. (I have no idea if Microsoft did a good job
implementing IPSec--I don't even know if Microsoft implemented it at
all--but OpenVPN allows me to proceed without caring.)
> If you configure the exchange server to use the private IP of the
> Debian mail server as its mail server to send through, then it won't be
> going through the default route but rather through the VPN to the other
> subnet.
That makes a whole lot of sense. Now I'm going to have to learn about
configuring a mail server to just ferry mail back and forth. What
should I be searching for? "Store and forward"? I'll look again at
the link Jamon provided, and see what I can find on Google by myself,
but any links or search terms that you think would be helpful would be
much appreciated.
> For example:
>
> exchange server
> 192.168.1.10/24
> default gateway: 192.168.1.1
>
> gateway router
> 192.168.1.1/24
> external IP
> default gateway: internet
> VPN link to hosted server with 192.168.2.0/24 subnet
>
> hosted server
> 192.168.2.1/24 on secondary interface or optionally dummy0
> external IP
> default gateway: internet
> VPN link to gateway router with 192.168.1.0/24 subnet
>
> Both ends of the VPN link know about the other private network and that
> they can route to it through the VPN. So the exchange server simply has
> to deliver mail to 192.168.2.1 and the hosted mail server delivers
> incoming mail to 192.168.1.10
Thanks for the example--I think that'll help with configuring everything.
Ian
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
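
Added example, not part of the original message: a small model of the routing in the quoted layout, showing that mail for the other private subnet leaves through the VPN by longest-prefix match, and where it goes if the tunnel route is missing. The routing tables are constructed from the addresses in the thread; the interface names (eth0, eth1, tun0) and the helper names are assumptions.

```python
import ipaddress

# Constructed routing tables modelled on the addressing in the quoted example.
# Interface names (eth0, eth1, tun0) are assumptions, not from the thread.
GATEWAY_ROUTER = [
    ("192.168.1.0/24", "eth0"),    # office LAN with the Exchange server
    ("192.168.2.0/24", "tun0"),    # hosted server's private subnet, via VPN
    ("0.0.0.0/0", "eth1"),         # default route to the internet
]
HOSTED_SERVER = [
    ("192.168.2.0/24", "dummy0"),  # private address 192.168.2.1 lives here
    ("192.168.1.0/24", "tun0"),    # office LAN, via VPN
    ("0.0.0.0/0", "eth0"),         # default route to the internet
]


def egress(table, dest):
    """Return the interface selected by longest-prefix match for dest."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return best[1]


def mail_path_ok(table, dest, vpn_iface="tun0"):
    """True if traffic for dest leaves through the tunnel, not the default route."""
    return egress(table, dest) == vpn_iface


def without_vpn_route(table, vpn_iface="tun0"):
    """Model the tunnel being down: its route disappears from the table."""
    return [(p, i) for p, i in table if i != vpn_iface]


if __name__ == "__main__":
    print("router -> 192.168.2.1 :", egress(GATEWAY_ROUTER, "192.168.2.1"))
    print("hosted -> 192.168.1.10:", egress(HOSTED_SERVER, "192.168.1.10"))
    down = without_vpn_route(GATEWAY_ROUTER)
    print("tunnel down, router -> 192.168.2.1:", egress(down, "192.168.2.1"))
```

With the tunnel route gone, the private destination falls through to the default route, which is the condition to check for before relying on the VPN to carry the mail.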