setting up a local outbound mailserver at home for dialup

Scott catfather at donpoo.net
Thu Nov 20 13:12:57 EST 2003


On Nov 18, 2003, at 8:02 AM, Joseph Mack NA3T wrote:

> I have a group of machines at home NAT'ed behind a linux router/dial-up
> box. All machines are on 192.168.1.0/24.
>
> If I send e-mail from one of these machines I will usually get a refusal
> from the recipient because of a failure in reverse DNS. Presumably DNS
> can't resolve my local internal domain name because it is private.
>
> If I use my ISP's outbound mailserver (eg mail.isp.net) as the first
> hop for my mail (eg when using netscape as the mail client), I am asked
> for my username/passwd for the first mail. After that, all mail is
> forwarded without a request for authentication.
>
> I would like to set up mail at home so that the outbound mailserver
> for local machines is my router (192.168.1.1), so that internal machines
> do not have to be re-configured when I'm using a different ISP (I move
> my setup from place to place occasionally and wind up using different
> ISPs).
>
> I then need to set up the router so that it can handle the authentication
> request from the ISP, without user intervention or it can send directly to
> the recipient. If I went the latter route, would it work if I bound the
> MTA to the dynamic IP on the outside of the router? (Presumably this
> dynamic IP is reverse DNS-able by the recipient). If binding to the
> dynamic IP works, then presumably the MTA at 192.168.1.1 which is
> forwarding mail from user on the boxes on the NAT'ed network, will
> have to be set up to forward mail to the MTA on the dynamic IP.
>

I'm a little late in responding to this thread but I use a postfix 
solution on Linux that does all of this. Basically you do as you 
suggest, and configure postfix on one of your internal systems in the 
DMZ. Since you're using POP/IMAP to pull in mail you can firewall off 
the incoming SMTP port to make life a bit more secure. Basically 
postfix will only be used for sending outbound mail from your home 
network.

To avoid password prompting by your ISP you can tell postfix to 
masquerade as a mail server within your ISP domain. For example, I have 
RoadRunner and configured postfix to use smtp-server.nc.rr.com as the 
relayhost. I then set up a canonical map to rewrite all internal 
domains to external domains as follows:

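/etc/postfix/main.cf:
	# rewrite addresses using the lookup table below
	canonical_maps = hash:/etc/postfix/canonical
/etc/postfix/canonical:
	# internal domain -> ISP domain (run "postmap /etc/postfix/canonical" after editing)
	@internal.domain @nc.rr.com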
If needed we can further configure postfix to masquerade its domain 
name used during HELO to be "isp.net".

I think this solves your problems but I'm not sure if you're also 
talking about using your mailserver for outgoing SMTP external to your 
internal domain. (For example when traveling).

Postfix can be found at http://www.postfix.org/ where there is plenty 
of docs and a FAQ to help with some of this too :)

--
Scott (aim: bluecame1)
blog: http://sackheads.org/~scottrus/blog/
Do not trifle with me, I have eaten 104 brains.
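
An added example, not part of the original post and not Postfix's own code: a Python script that parses a constructed main.cf for the relay-only setup described above, flags settings that would let the box do more than relay outbound mail for the LAN, and applies the post's canonical table to an address. The mynetworks and inet_interfaces values and the function names are assumptions chosen for the 192.168.1.0/24 network in the thread.

```python
import ipaddress

# Constructed main.cf for the outbound-only relay (values are assumptions).
MAIN_CF = """\
# outbound-only relay for the home LAN
relayhost = smtp-server.nc.rr.com
mynetworks = 127.0.0.0/8, 192.168.1.0/24
inet_interfaces = 127.0.0.1,
    192.168.1.1
canonical_maps = hash:/etc/postfix/canonical
"""
CANONICAL = "@internal.domain @nc.rr.com\n"   # table contents from the post
# Assumption: only loopback and RFC 1918 clients should ever be allowed to relay.
LAN_ONLY = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_main_cf(text):
    """Parse main.cf: '#' comments, 'name = value', indented continuation lines."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:        # continues the previous value
            params[last] += " " + line.strip()
            continue
        name, _, value = line.partition("=")
        last = name.strip()
        params[last] = value.strip()
    return params

def audit(params):
    """List settings that make the box more than a LAN-only outbound relay."""
    findings = []
    if not params.get("relayhost"):
        findings.append("relayhost unset: mail is delivered direct from the dynamic IP")
    for net in params.get("mynetworks", "").replace(",", " ").split():
        n = ipaddress.ip_network(net, strict=False)   # IPv4 CIDR entries only
        if not any(n.subnet_of(ok) for ok in LAN_ONLY):
            findings.append(f"mynetworks lets {net} relay through this host")
    if params.get("inet_interfaces", "all") == "all":  # Postfix default is "all"
        findings.append("inet_interfaces = all: SMTP also listens on the dial-up side")
    return findings

def canonical_rewrite(address, table):
    """Apply '@domain @otherdomain' canonical entries, keeping the local part."""
    rules = dict(l.split() for l in table.splitlines() if l and not l.startswith("#"))
    local, _, domain = address.rpartition("@")
    target = rules.get("@" + domain.lower())
    return local + target if target else address
```

Calling `audit(parse_main_cf(MAIN_CF))` on the constructed file returns no findings, and `canonical_rewrite("joe@internal.domain", CANONICAL)` shows the address the ISP relay will see.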
