If I understand your question, the answer is yes. Your DNS or an external DNS server holds your MX records, and you just have to put each domain you want to receive mail for under "Proxies">"SMTP Relay">"Incoming Mail">"SMTP Route Table".
... you just have to put each domain you want to receive mail for under "Proxies">"SMTP Relay">"Incoming Mail">"SMTP Route Table". ...
[/ QUOTE ] Yes, I have already done that. However, I can only add one SMTP host and that's it. It won't allow me to have more than one. If I try to add another, my existing host will be replaced by the newly added SMTP host. Maybe it was designed to be just that.
what javelin means is to behave the SMTP entry like an DNS server. In DNS you can set several MX records (MaileXchange) with different priority. Example: domain.com -> mail1.domain.com (10) domain.com -> mail2.domain.com (20)
Which means that if mail1 is not available for some reason, the request is forwarded to mail2. If you set the SMTP host in the 'SMTP Relay' settings in ASL, you can only set ONE host and not several. Thats what javelin is looking for... (isn't it ??)
Did you maybe try to make SMTP with option "By DNS MX record"?
If I understand it right, then your FW should ask DNS to which server to send mail to and if first one is not accessible, then it should send it to second server.
what javelin means is to behave the SMTP entry like an DNS server. In DNS you can set several MX records (MaileXchange) with different priority. Example: domain.com -> mail1.domain.com (10) domain.com -> mail2.domain.com (20)
Which means that if mail1 is not available for some reason, the request is forwarded to mail2. If you set the SMTP host in the 'SMTP Relay' settings in ASL, you can only set ONE host and not several. Thats what javelin is looking for... (isn't it ??)
[/ QUOTE ]
Hi Karsten,
You've described my question better than I had presented it, thank you.
And have answered it as well: "If you set the SMTP host in the 'SMTP Relay' settings in ASL, you can only set ONE host and not several."
Wouldn't it be something if ASL allows multiple entries.. [:)]
i agree with you, i would also like to be able to set an alternate SMTP server for one domain.
But i think it depends on your kind of Network design. If you setup an internal DNS server with the neccessary MX-records and tell your DNS-Proxy in ASL to ask also the internal DNS first then you should be able th change your SMTP-Proxy entry like this:
domain.com :: by DNS MX record ::
If you do so, MY question would be: If i use ASL for my internal DNS-server as forwarder and tell ASL-DNS-proxy to ask also internal proxy, ins't that a loop ???
I changed my SMTP-proxy entry as you have indicated (::by DNS MX record:[:)] and running two sendmail servers - a Linux(production) and the other is a SunOS(still in progress).
Upon sending an email(Linux) to the internet, my Mail Delivery Subsystem would send me a reply with the following error:
550 cannot route to sender address .
I also tried entering just the domain name in the Hostname(MX) field thinking that it would forward email to either server
depending on priority and availability and here's the loop:
553 5.3.5 mydomain config error: mail loops back to me (MX problem?)
So, with the ASL version that I have, I'm possibly limited to only one MX hostname. Or again it could be that ASL is designed just that - one Hostname (MX).
For now, if I want to receive emails for either server, I have to manually change the Hostname(MX) and SMTP host for each server accordingly.
If you managed to get this configuration to work, please let me know... [:)]
You need to use 'by DNS MX record' as mentioned. Then ASL needs to know where to send the mail. Assuming that your two mail servers are behind ASL then ASL needs to query an internal DNS server so it gets the internal IPs. Otherwise it knows what the outside knows which is the ASL and you get a loop.
This 'dummy internal domain' DNS also solves other problems when your web servers and such are inside and internal users otherwise try to go to the outside ASL IP and you make all kinds of NAT rules to fix. Internal DNS fixes those problems including email.
If this is the case then setup an internal DNS with a copy of the domain but will return the internal IPs when queried. Set ASL's DNS proxy to forward to this DNS server. The internal DNS server should in turn forward to a server that can resolve everything else on the outside.
This sounds doable. Is this a theory or is it a configuration that you have implemented.
I'm a bit unclear about your last sentence in terms of packet forwarding. That is if I have setup an internal DNS server and ASL would query internal first, then that would mean I have to have another means of reaching the Internet without going through ASL. Otherwise it would go into a loop. Hence, your suggestion of having the internal server forwarding to another server that can resolve for outbound packets. That is how I interpret your suggestions. If I understood you correctly, then I don't have the resources to implement that now but it's really something to think about.
Not exactly. Routing doesn't change. You only have to implement an internal DNS server (the linux box is perfect for this). On that server you set-up your domain and it is just like the DNS the outside users see except any hostnames that are actually inside will resolve the inside iPs for your inside users. ASL also points to this server so your MX (and as many MX records as you want) will work as expected.
I mention packet forwarding because many people set-up complicated rules to handle the problem with DNS where internal users get the IPs of their own servers as the outside sees them. Meaning they try to hit the external interface of ASL when the servers are actually inside from their point of view.
Not theory, in practice for many years. You have a DNS somewhere that the world sees and another that the internal users (and ASL) sees. And you get the benefit of DNS caching.
Sorry if it isn't clear, it is late and my brain hurts.....
I appreciate very much for your taking the time to explain this a little more.
It makes a lot of sense to me now. I need to make some changes to my zone files and do some testing. I hope to gain as much experience in implementing this so that one day, I may also speak by experience.
I appreciate very much for your taking the time to explain this a little more.
It makes a lot of sense to me now. I need to make some changes to my zone files and do some testing. I hope to gain as much experience in implementing this so that one day, I may also speak by experience.
