sendmail SMARTHOST

Derek Martin invalid at pizzashack.org
Thu Apr 14 16:29:00 EDT 2005


On Thu, Apr 14, 2005 at 09:20:43AM -0400, Paul Lussier wrote:
> "Michael ODonnell" <michael.odonnell at comcast.net> writes:
> > But I also can't tell waldo that it's in some other domain (either
> > real or fictitious) because that ain't true, either.  So, where's
> > waldo?
> 
> This is where it gets hairy.  You can do this, but it's a whole lot
> easier if the domain you make waldo part of, does in fact exist.  It
> also depends upon your motivation for having a different domain behind
> your firewall.

It doesn't, really -- the steps are essentially the same whether the
domain exists or not -- only the specific configuration data (mainly
the domain name) changes.  

You can set up your systems to be in a separate domain that doesn't
exist, but you'll still tell your mailer to pretend to be in
comcast.net.  Actually this is the normal case for e-mail software on
PCs...  That is, it makes no assumptions about what domain the sender
is in based on the name or domain of the host -- the user can and
usually MUST configure it.  It's really no different with sendmail on
Linux; the only difference is that if you have your own real domain,
you can use it instead of using your ISP's domain.


> Case A:
> If you're just fooling around, and want to have a little network
> behind your firewall and have e-mail to/from family members on that
> network appear to be from some pseudo/make-believe domain which you
> haven't registered, yet you want mail outbound to the world to still
> work, it's a little complicated.

It's not, really, as you yourself said later in the same post.  Just
configure sendmail to masquerade as comcast.net, as you mentioned
before.  Everything else is done as if you were using your own real
domain, with respect to inside hosts.  Done.  There's no DNS to set up
for outside hosts (i.e. you don't need MX records and such)...  I
think this option is actually slightly simpler.

> What you need to run this domain is some way to do hostname<->IP
> address resolution[1] and a way to send mail.  For simplicity, we'll
> just use host tables on each system[2] and assume all the other
> network parameters are correctly and statically assigned[3].

Host files are easy to configure, but hard to maintain.  Every time
you add a host, you have to update the files on every existing system.
Still, if your network is going to stay small, you can avoid learning
about how to set up DNS if you'd rather not bother...

By contrast, DNS is a nice way to go.  You have two options here, too:
let your name server do all its own look-ups of host that aren't
yours, or have it forward requests to your ISP's servers.  Both
options have advantages.

Do it yourself:  If your ISP's name servers stop working, you don't
care.  Yours keep working, as long as your connection to the Internet
keeps working.

Forwarding:  The reality is that this option will probably give you
better performance.  BIND caches data, so any recently used host names
will be in the cache.  Your ISP's servers will be a lot busier than
yours, so the odds of the host you're trying to visit being in the
cache will be much, much greater.

The real down side of forwarding is that DNS search order breaks (this
might be fixed in BIND 9, but was definitely broken with BIND 4.x -- I
haven't tried it since then).

Say you have this in your resolv.conf:

  search pizzashack.org example.com dancer.net
  nameserver ns1.example.com
  nameserver ns2.example.com

You want to look up a host called funky, in dancer.net.  Usually this
would suffice:

  $ nslookup funky
  Server:	192.168.0.1
  Address:	192.168.0.1#53

  Name: funky.dancer.net
  Address: 192.168.1.69

But if your server is configured for forwarding, it would only ever
check for funky.pizzashack.org, and never find funky.dancer.net unless
you gave the FQDN.

Again, this may have changed since bind 4.x, but I haven't used
forwarding name servers since then...  Oh and BTW, the example is
totally fictitious...  Er, I mean it isn't as it turns out, but I have
nothing to do with that domain, and pulled it out of...  You get the
idea.  =8^)

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail.  Sorry for the inconvenience.  Thank the spammers.
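To make the search-order failure concrete, here is a small stub-resolver simulation. It is an added example, not code from the post, and it assumes glibc-style search rules (continue past NXDOMAIN or SERVFAIL, stop on an answer, NODATA or a timeout) plus one assumed failure mode: a forwarding server that times out on unknown names instead of returning NXDOMAIN, which is enough to make the search stop at funky.pizzashack.org exactly as described above. The zone data is constructed.

```python
# Simulated stub-resolver search-list expansion (assumed model, simplified
# from the rules in glibc's res_search(); not taken from the post).
NXDOMAIN, NODATA, SERVFAIL, TIMEOUT = "NXDOMAIN", "NODATA", "SERVFAIL", "TIMEOUT"


def candidates(name, search, ndots=1):
    """Return the FQDNs a stub resolver would try, in order, for `name`."""
    if name.endswith("."):          # already absolute: no search-list expansion
        return [name]
    absolute = name + "."
    suffixed = [f"{name}.{dom}." for dom in search]
    # Names with at least `ndots` dots are tried as-is first, others last.
    if name.count(".") >= ndots:
        return [absolute] + suffixed
    return suffixed + [absolute]


def resolve(name, search, lookup):
    """Walk the candidate list; return (address or None, names actually tried)."""
    tried = []
    for fqdn in candidates(name, search):
        tried.append(fqdn)
        rc = lookup(fqdn)
        if rc in (NXDOMAIN, SERVFAIL):
            continue                # negative answer: move on to the next suffix
        if rc in (NODATA, TIMEOUT):
            return None, tried      # resolver gives up here
        return rc, tried            # a real answer
    return None, tried


# Constructed zone data matching the post's example (addresses are illustrative).
ZONE = {"funky.dancer.net.": "192.168.1.69"}
SEARCH = ["pizzashack.org", "example.com", "dancer.net"]


def recursive_lookup(fqdn):
    """A server doing its own look-ups answers NXDOMAIN for unknown names."""
    return ZONE.get(fqdn, NXDOMAIN)


def flaky_forwarder(fqdn):
    """Assumed failure mode: the forwarder times out instead of saying NXDOMAIN."""
    return ZONE.get(fqdn, TIMEOUT)
```

With the recursive server, `resolve("funky", SEARCH, recursive_lookup)` walks three suffixes and finds 192.168.1.69; with the flaky forwarder the search stops after funky.pizzashack.org, and only the FQDN resolves.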
