Question : Workaround for Firewall/NAT SMTP connection problems using either Postfix or DNS.

Hello everyone.

Here's the problem: I have a Microsoft Exchange Server 2003 based mail system. With our current configuration of NAT, firewall, spam filtering, etc. it is not possible for internal mail clients to connect to port 25 on the mail server using the public FQDN. I have several users that are running different mail clients than Outlook in Exchange mode, one of whom is using Apple Mail. I do not want to configure RPC over HTTP so we use IMAP and SMTP. IMAP works fine. The SMTP server responds to external networks with no difficulties. It responds correctly when using the internal IP address  I am not going to change the security settings or turn off any of the filtering so opening the firewall correctly isn't going to work.

There are two possible ways that I can see to fix this problem: first, change DNS settings so that when connected to the internal network the internal IP is resolved. I'm not sure if this will even work correctly since the macbook in question will probably never be shut off and I'm not sure how to force the name resolution cache to not hold the public IP address. If a split zone sounds like the better idea, how do I set this up in Win Server 2003 DNS?

Second, I was hoping to use a very locked-down and specific configuration of Postfix on an Ubuntu Linux computer to be an outgoing email ONLY SMTP relay. Is it possible to configure Postfix to reject all incoming mail for delivery, only accept authenticated users, and relay the outgoing mail to the exchange server? If so what configuration options do I have to set in Postfix config files main.cf, master.cf? Would I still need to do spam/virus filtering with amavis/spamassassin/clamav?

Answer : Workaround for Firewall/NAT SMTP connection problems using either Postfix or DNS.

Split DNS is the way to go.  Here is one of many articles on setting it up.

http://articles.techrepublic.com.com/5100-10878_11-6097830.html