internal mail server

[s_hcl]

my company has an exchange server for mails,the server is at the isp end.Presently all the users are connected to net ,hence

they download the mails directly from the exchange server to outlook.

Due to security policy which will be adapted ,they want the finance people not to access the internet .Hence i was thinking

if there is any option of configuring an internal mail server which will send and recieve all the mails internally and forward it to the outside world.That is if the user sends a mail to say hotmail .com ,the internal mail server should route that message outside as well as recieve mails and transfer it to the user mail box in the internal mail server.

kindly let me know ,its urgent.

we are using a cable net connection of 256 kbps bandwidth.

[Tuttle]

This would probably be simpler just moving the server inhouse. You can do what you want with some trickery though.

Install a local mail server, and make it think it's in charge of a different domain, eg internal.example.com. Then configure accounts on that server for the finance people.

To get outgoing mail working, just configure the finance computers to send mail through that server, but still claiming to be [email protected]. There should be no issues with that. It's probably easiest to configure the internal server to relay all mail through the server at the ISP end.

To get incoming mail working, set up forwarding for each user on the external server which sends mail to [email protected]. That will end up on the internal server where the finance users can get to it.

The hardest part in all of this is getting the MX records right so that the ISP's server knows how to forward mail to internal.example.com.

Note that by doing this, you're potentially going to break a whole bunch of advanced Exchange functionality like calendar sharing and meeting invites. Not sure how to avoid that; Exchange-specific stuff isn't really my thing.

[s_hcl]

Which internal mail server should i use ,any good free ware.
Just adding my query ,to ur queries...

Now presently say my mail server is mail.abc.com and i use the pop3 and smtp address as mail.abc.com

user id is [email protected].
If i configure a internal mail server ,i will need to create a mial box named Tom ,so that all the mails are stored in it.

So ,the internal mail server may have settings forthe braodband connection to initiate mail send and recieve.

As u said that create a another domain in the mail server say xyz.com and create users in it .But if tom sends mail from his pc ,does he have to parse it ...say
[email protected]<[email protected]>,since this problem may arise.

kindly let me know

[Tuttle]

I haven't used any free Windows mail servers in ages, sorry.

Okay, so you have [email protected], who's currently using mail.example.com as his POP3 and SMTP mail server. You want him to use the new internal server instead.

If the new mail server is called internal.example.com, and tom's account on it is then [email protected], you need to configure his email client like this:

• POP3 Server: internal.example.com
• SMTP Server: internal.example.com
• Name: Tom
• Email: [email protected]
• Username: tom
• Password: ********

Emails will then appear to come from [email protected], even though they're going through the internal server.

The only place you need to use [email protected] is on the ISP-end mail server when you configure the forwarding inwards.

[s_hcl]

i was thinking of using mDaemon mail server with mail scan.

Another point came into my mind,

is there any firewall wherein i can group particular users and them restrict internet access to them by blocking port 80 and allowing only ports 25 and 110 for mail access.If this is possible it would be good.

let me know

[Tuttle]

Generally a firewall should be configured to deny everything, then only allow access you want. So for example you might allow ports 25 and 110 from everyone, but only allow port 80 from a proxy server (which then requires authentication). What sort of stuff do you have installed at the moment?

[s_hcl]

At present its a workgroup network and have installed Linux with Iptables as the Firewall.

In the rules as u mentioned ,generally everthing is flushed and denied and then only the respective ports are given access.

So theres no proxy server present.Actually my company has told me do design a network ,w.r.t

denying intrernet access to certain groups and only mail access
in local lan groups to be made ,so that they dont access each other.
disaster recovery and backup strategies
vpn

I cant post the network diagram which i have percieved as theres no option.If u have any mail id ,i will attach the same and u can correct me .

[SpywareDr]

I cant post the network diagram which i have percieved as theres no option.

Click the "Post Reply" button at the bottom-left of this thread. Scroll down and in the "Additional Options" box, there is a "Manage Attachments" link. Click it and you'll get a "Browse" option where you can select and upload a file on your hard drive to be attached to your message.

[s_hcl]

kindly note the revised details...
Presently we have a workgroup enviornment with 25 systems on win2k proff and win xp proff.A Linux firewall is setup for interent access with Iptables and nating.
Hence all theusers have internet access.Some policy changes are needed and I want do a setup with the following groups and the security features needed are as below.

Groups

Research
Development
Support
Mktg
Finance

1)No group should be able to access the resources of each other ,except the users in its respective group.

2)Internet access only for support and mktg.
3)Other groups to have mail access only ,but no internet access(How should i go about this ,was thinking of installing Mdaemon mail server)

4)Each group will probably have its own file server
5)A person from one group may have permission to access resources og other groups.
6)VPN access (client access) to connect to vpn server.
7)CAn igo in for a firewall based router which will have also have a VPn module at the internet gateway.

I had thought of 2 solutions ,one pertaining to creating a single windows 2000/2003 domain enviornment and second using Vlan.I m not sure which one will work,hence kindly go thru and let me know if any other method is avialble to achieve the following.


If i go in for a vlan enviornment ,and use a single Layer 3 switching device ,is it possible for me to access a particular group if required .