[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sheflug] Any DNS Experts around........



At 19:34 11/03/03 +0000, Rob Keeling wrote:
I did wonder about redirecting all outgoing port 25 traffic to our mail
server, which would solve the mail issue, but still
leaves the web filtering.
That's a reasonable idea. It means that when users are using the wrong SMTP details outgoing email will still work and you don't get helpdesk calls from them.

Did you know that Freeserve do this? No matter what you use as a SMTP server, Freeserve always proxy the traffic through their own mail servers. If all your laptops are on Freeserve try their SMTP settings as your school mail server and see whether Freeserve proxies the mail, assuming that you can get a DNS lookup for your school mail server on an external network.

Just a note about BIND.. it's terribly designed and security issues are always being discovered. You need to do one of:
- Firewall the name server ports so they're not accessible from remote hosts when connected thru freeserve. For your purposes, this is probably the best.
- Patch BIND when each security update is released.
- Replace BIND with DBJDNS from http://cy.yp.to . When setting up servers, one of the first things I do is remove BIND and sendmail, replacing them with DJBDNS and QMail from the above address. They're the dog's danglies :-)

Gary

___________________________________________________________________

Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html

GNU the choice of a complete generation.