Question : Providing support for etrn on a Sendmail server that will handle mail for an Exchange server

I have a Linux server running Sendmail 8.12.  It is handling email for abc.com currently.  Now abc.com has an Exchange server, which sits behind a firewall, which doesn't allow incoming connections to port 25.  I would like to continue to handle incoming email for abc.com on the Linux server, so no opening for port 25 is needed on the firewall, but have the Exchange server issue the etrn command to get all email received on the Linux server running Sendmail.  How do I configure the Sendmail server to support this configuration?  I understand how to configure the Exchange server to use the etrn command, but I don't know how to configure the Sendmail server and I'm wondering about access control to abc.com's email on the Sendmail server.  How do I ensure that only the abc.com Exchange server gets the email for abc.com?  I don't want to allow the possibility of some unauthorized system issuing the etrn command to the Sendmail server and getting abc.com's email.

Answer : Providing support for etrn on a Sendmail server that will handle mail for an Exchange server

Retrieving the messages via POP may well be the best approach if you have concerns about someone "stealing the mail". With POP, access to the messages is password protected. The disadvantage here is that you must maintain POP accounts for each of the users on the relay server.

If you wanted to use ETRN you'd remove all local accounts for users in the domain of the Exchange server. You'd still need the virtusertable records or aliases records for those users on the Exchange server, but the target would be the FQDN of the Exchange server. Since Sendmail can't ever make a connection to that server, the messages will simply go into the queue. When the Exchange server invokes ETRN it needs to ask for mail queued to its FQDN. Sendmail will pull those from the queue and deliver them to Exchange.

The MX for the domain only points to the relay server. No other MX records are needed or desired.

If you open an SMTP conduit through the firewall and limit the endpoints to the relay and the Exchange box, you haven't incurred a significant security risk. That would allow you to use direct relay by specifying the FQDN of the Exchange server as the target of a virtusertable or alias record. This has the advantage of not requiring Linux accounts for the Exchange users and still only accepts mail for valid user names. This is the way I always set up a mail relay. My real mail hubs are inside of a firewall and the relay box is the only point of Internet access. All inbound and outbound mail flows through the relay.
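The Sendmail side of the ETRN setup described in the answer, as an added configuration example that is not part of the original post. It is a sendmail.mc fragment plus the contents of the two map files it relies on; the host name exchange.abc.com, the address 192.0.2.10 (from the documentation range) that the relay sees the Exchange box connect from, and the users alice and bob are assumptions for illustration. One caveat a practitioner should have in mind: ETRN (RFC 1985) does not hand mail back over the client's connection. It only tells Sendmail to start a queue run for the named host, and that queue run opens a new SMTP connection from the relay to exchange.abc.com on port 25. The firewall therefore has to let the relay's address reach the Exchange server on 25 (exactly the limited conduit the last paragraph of the answer describes); with inbound 25 closed completely, ETRN merely triggers another failed delivery attempt.

```m4
dnl sendmail.mc fragment for a relay that queues abc.com mail for the Exchange
dnl server and only honours ETRN from that server.  Hypothetical names:
dnl exchange.abc.com is the Exchange host, 192.0.2.10 is its address as seen
dnl by the relay, alice and bob are the mailbox users.
dnl
dnl /etc/mail/local-host-names must list:   abc.com
dnl so the relay accepts abc.com mail as its own domain and consults
dnl virtusertable for it instead of treating it as relaying.
dnl
dnl /etc/mail/virtusertable  (build with: makemap hash virtusertable < virtusertable)
dnl     alice@abc.com      alice@exchange.abc.com
dnl     bob@abc.com        bob@exchange.abc.com
dnl     @abc.com           error:nouser 550 No such user at abc.com
dnl The catch-all rejects unknown recipients at RCPT TO, so only listed users
dnl ever enter the queue and no Linux accounts are needed for them.
dnl
dnl /etc/mail/mailertable  (build with: makemap hash mailertable < mailertable)
dnl     exchange.abc.com   esmtp:[exchange.abc.com]
dnl The brackets skip the MX lookup and deliver straight to the host's A record.
dnl Messages wait in the queue as user@exchange.abc.com, which is the string
dnl "ETRN exchange.abc.com" matches against when it selects what to flush.

FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
dnl If a delivery attempt cannot reach Exchange, give up on the connect quickly
dnl instead of tying up the queue runner for the default timeout.
define(`confTO_ICONNECT', `15s')dnl
dnl Do not use the goaway shorthand here: it includes noetrn, which disables
dnl ETRN outright.  Keep the other restrictions.
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl

dnl check_etrn is the hook Sendmail runs with the ETRN argument before it
dnl starts the queue run.  Allow it only when the SMTP client is the Exchange
dnl host; any other client gets a 550 and no queue run.  The LHS and RHS of
dnl each rule must be separated by a tab character, not spaces.
LOCAL_RULESETS
Scheck_etrn
R$*			$: $1 $| $&{client_addr}
R$* $| 192.0.2.10	$@ OK
R$*			$#error $@ 5.7.1 $: "550 ETRN not permitted from your host"
```

Rebuild sendmail.cf from the .mc with m4 as usual, run makemap for both maps, and restart Sendmail. To confirm the access control, connect to the relay from some other host, send EHLO and then ETRN exchange.abc.com, and check that the reply is the 550 from the ruleset; the same command from 192.0.2.10 should return 250 and start the queue run. Because the filtering keys on the client address alone, it is only as strong as the network path: put the relay behind address filtering on the firewall as well so that 192.0.2.10 cannot be spoofed from the outside.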