Carlos,

> I have 2 mail servers in an ADSL Link with 2 public IP addresses serving
> email to 2 different domains.
> I've configured 1 public IP in Server NAT and an SMTP rule in NAT for
> mail to be delivered to the mail server of domain A. For the other
> public IP, I've configured an SMTP NAT rule for mail to be delivered to
> the mail server of domain B. All inbound and outbound mail delivery
> works,

This sounds just about right for all the NAT rules.

> except when a user of domain A, sends e-mail to a user of domain
> B, or vice-versa, mail isn't delivered. I think this has something to do
> with accessing NATed Services from the LAN segment, I'm not sure.

This does sound like it's the issue about accessing WAN external IP from inside the LAN. There are a few things to look after to resolve this though.

First of all, I'm sure you've already set up some DNS entries to redirect to the internal IP of your server_A and server_B so that clients are able to send mail at all.

Now, here's where it might be a little tricky. When sending mail, servers will look up the DNS MX records (Mail eXchanger Records) to figure out which host to actually send the mail for the domain to. If you control your own DNS, this should be a snap. It is always advisable to set up at least one MX record. If a mail server doesn't find an MX record, it just resolves DNS to send mail directly to the domain. If it finds multiple records, it will send to the one with lowest preference.

So, assuming you are serving your own DNS, add a priority 5 entry in your MX record for @domain_A.com to CNAME mail.server_A.com and do the same for @domain_B.com -> mail.server_B.com.

From the outside, someone sending mail will first look up the MX for domain_A.com to find it is mail.server_A.com ... then it'll do a DNS on mail.server_A.com which would be your WAN_IP_A address.

From the inside, the server that's sending the mail, let's say server_A, wants to send to @domain_B.com. Server_A will look up the MX record for @domain_B.com to find it's mail.server_B.com. server_A will resolve mail.server_B.com to LAN_IP_B <-- that's probably the key to solving your problem.

So, as a recap, add MX records with CNAMEs that will resolve to external IP from outside and internal IP from inside. Your servers are the ones that will actually be "sending" the mail, so those are the ones that need the correct DNS resolution.

/sylikc
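
An added example, not part of the original message: a small Python check of the recap above. It models the inside and outside DNS views as dictionaries and confirms that each domain's lowest-preference MX host resolves to a LAN address from inside and a WAN address from outside. The addresses, the LAN range and the function names are constructed for illustration, and the MX targets are modelled as plain address records in each view.

```python
import ipaddress

# Constructed sample data: two views of the same names (split-horizon DNS).
# Hostnames follow the placeholders used in the mail; all addresses are made up.
LAN = ipaddress.ip_network("192.168.1.0/24")

MX = {  # domain -> [(preference, mail host)]
    "domain_A.com": [(5, "mail.server_A.com")],
    "domain_B.com": [(5, "mail.server_B.com")],
}
VIEWS = {
    "outside": {"mail.server_A.com": "203.0.113.10", "mail.server_B.com": "203.0.113.11"},
    "inside": {"mail.server_A.com": "192.168.1.10", "mail.server_B.com": "192.168.1.11"},
}

def delivery_target(domain, view, mx=MX, views=VIEWS):
    """Return (host, ip) that a sending server using `view` would deliver to."""
    records = mx.get(domain)
    # No MX record: the sender falls back to the domain name itself.
    host = min(records)[1] if records else domain
    addr = views[view].get(host)
    if addr is None:
        raise LookupError(f"{host} does not resolve in the {view} view")
    return host, ipaddress.ip_address(addr)

def check_split_horizon(mx=MX, views=VIEWS, lan=LAN):
    """List the lookups that would send mail to the wrong side of the NAT."""
    problems = []
    for domain in mx:
        for view, want_lan in (("inside", True), ("outside", False)):
            try:
                host, ip = delivery_target(domain, view, mx, views)
            except LookupError as exc:
                problems.append(f"{domain}: {exc}")
                continue
            if (ip in lan) != want_lan:
                side = "LAN" if want_lan else "WAN"
                problems.append(f"{domain} [{view}]: {host} -> {ip}, expected a {side} address")
    return problems

if __name__ == "__main__":
    for line in check_split_horizon() or ["both views resolve to the expected side"]:
        print(line)
```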