setting up a local outbound mailserver at home for dialup

Joseph Mack NA3T jmack at wm7d.net
Wed Nov 19 07:03:14 EST 2003


On Wed, 19 Nov 2003, Stephen P. Schaefer wrote:

Hi Stephen,

	I thought if anyone replies to this it will be you.

> If you're NATed, then any failure of reverse DNS would be a failure to
> reverse DNS the address to which you are NATed, which is presumably a
> public address, and not a 192.168.1.0/24 address.

hmm. Since sendmail on the router is started at boot (before I dial out),
sendmail will only be bound to the inside (private) IP. If I send
mail from the box after I dial up and have ppp0, are you saying that
sendmail will send from the IP on ppp0?

> I've heard that some ISPs use private addresses and then NAT at the
> central office, but you don't say, so I'll presume this is the more
> usual I'm-natting-at-my-house.

the IP I get on ppp0 belongs to the same block as their dns and the
machine they tell you to use for your outbound mail, so I presume it's
routable. Oh yes, I can get to that IP from outside with nmap, so it's a
routable IP.

> > If I use my ISP's outbound mailserver (eg mail.isp.net) as the first
> > hop for my mail (eg when using netscape as the mail client), I am asked
> > for my username/passwd for the first mail. After that, all mail is
> > forwarded without a request for authentication.
> >
>
> Asked for a username and password using what protocol?  POP before SMTP?
> Some sort of HTTP transaction?

it's an http login box. I assume the ISP's MTA is using SMTP AUTH, but I
don't know. No POP etc, this is only outbound. My inbound mail is sitting
on a machine on the internet where I retrieve it from a shell account.

> > I would like to set up mail at home so that the outbound mailserver
> > for local machines is my router (192.168.1.1), so that internal machines
> > do not have to be re-configured when I'm using a different ISP (I move
> > my setup from place to place occasionally and wind up using different
> > ISPs).
> >
> > I then need to set up the router so that it can handle the authentication
> > request from the ISP, without user intervention
>
> This depends on the protocol.  It would be an interesting perl exercise
> to implement a mail server (using copious CPAN help, of course) that, if
> there had been a significant lapse of time (or other indication of loss
> of authentication) would automatically initiate (or accept?) the
> authentication mechanism.  I could be a lot less vague if I knew what
> protocols were involved.

well I could have the dialup script send mail to one of my outside
machines saying "home machine just came up" and feed the username/passwd
to the ISP with a shell HERE statement.

> > or it can send directly to the recipient. If I went the latter route,
> > would it work if I bound the MTA to the dynamic IP on the outside of
> > the router? (Presumably this dynamic IP is reverse DNS-able by the
> > recipient).

> There has been talk on the trilug list that many ISPs are now blocking
> SMTP from non-whitelisted addresses, to prevent spam.  That could mean
> your SMTP could be blocked.  This may, indeed, be your primary problem.
> In this case, I believe the prevention is worse than the disease,
> because it means the ISPs become the gatekeepers to our freedom to
> communicate.  Call me "Mad-Eye Moody".

I can send mail from any of my boxes (NAT'ed or the router) after
authentication, as long as I'm using the ISP's outbound mailserver
as the relay.

> > If binding to the dynamic IP works, then presumably the MTA at
> > 192.168.1.1 which is forwarding mail from users on the boxes on the
> > NAT'ed network, will have to be set up to forward mail to the MTA on
> > the dynamic IP.

> Unless I've completely understood, you've got a Linux box with two
> addresses, 192.168.1.1, and, for illustrative purposes, 66.66.66.66.
> To send mail out, you will want to listen only to 192.168.1.1.  The MTA
> will see the To: address, do its DNS, and then initiate a connection
> from a random high TCP port at 66.66.66.66 to port 25 of the public IP
> address of the recipient's MTA.

yes, except that I wouldn't have expected my MTA to be bound to
66.66.66.66

> You haven't expressed a need to
> passively receive e-mail from the public internet,

correct

> A Mail Transfer Agent's job is to relay(transfer) mail.  Most do the job
> by default.  If you're using sendmail on a Red Hat distribution, do this:


will go look. (I hate looking at sendmail.cf files)

Thanks Joe

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
mailto:jmack at wm7d.net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
It's GNU/Linux!
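An added example, not part of this thread and not Stephen's cut-off Red Hat instructions: a sendmail.mc fragment for the router MTA the thread describes (listen on 192.168.1.1 only, relay for the NAT'ed network, hand everything to the ISP's relay with SMTP AUTH and no user intervention). It assumes sendmail 8.12 or later built with SASL, mail.isp.net as the ISP relay named in the thread, and placeholder credentials.

```m4
dnl Fragment for /etc/mail/sendmail.mc on the 192.168.1.1 router (added
dnl example, not from the thread). Rebuild with: m4 sendmail.mc > sendmail.cf
dnl
dnl Listen only on the inside address, so the MTA is never reachable from
dnl the dial-up side. Outbound connections still leave via ppp0: the kernel
dnl picks the source address from the route, not from this Addr= setting.
DAEMON_OPTIONS(`Port=smtp,Addr=192.168.1.1, Name=MTA')dnl
FEATURE(`no_default_msa')dnl
dnl
dnl Hand all mail to the ISP's relay instead of delivering directly, which
dnl sidesteps the port-25 blocking and reverse-DNS problems discussed above.
define(`SMART_HOST', `mail.isp.net')dnl
dnl
dnl Authenticate to the smart host automatically. /etc/mail/authinfo holds
dnl one line (placeholder credentials, replace with the ISP account):
dnl   AuthInfo:mail.isp.net "U:ISP_USERNAME" "P:ISP_PASSWORD" "M:PLAIN LOGIN"
dnl then: makemap hash /etc/mail/authinfo < /etc/mail/authinfo
dnl       chmod 600 /etc/mail/authinfo /etc/mail/authinfo.db   (password is
dnl       stored in the clear, so keep both files root-readable only)
FEATURE(`authinfo', `hash -o /etc/mail/authinfo.db')dnl
dnl PLAIN and LOGIN are not in sendmail's default client mechanism list, so
dnl they must be enabled here; sendmail uses STARTTLS first if the relay
dnl offers it, which keeps the password off the wire.
define(`confAUTH_MECHANISMS', `PLAIN LOGIN')dnl
dnl
dnl Relay only for localhost and the NAT'ed network, so the router does not
dnl become an open relay. /etc/mail/access contains:
dnl   127.0.0.1    RELAY
dnl   192.168.1    RELAY
dnl then: makemap hash /etc/mail/access < /etc/mail/access
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access.db')dnl
```

When the ISP changes, only the SMART_HOST line and the authinfo entry on the router need editing; the internal machines keep pointing at 192.168.1.1.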