Living with a Firewall
Many organizations employ a TCP/IP firewall, so that machines inside the firewall are not allowed to receive direct incoming connections. In such a setup, Lyris is disallowed from
directly receiving email, and your site setup must be modified so that Lyris can receive mail through your firewall, using a method that works with your security policy.
In a typical setup, there are two machines to think about:
mail.company.com (the firewall server that can receive mail)
lyris.company.com (the Lyris server)
What you want to do is set up lyris.company.com in your external DNS (what the rest of the world sees) so that mail addressed to lyris.company.com actually gets delivered to
mail.company.com. In DNS talk, this means:
lyris.company.com IN MX 10 mail.company.com
Then, your firewall needs to see lyris.company.com in the RCPT TO name of each email message it receives and forward this mail internally (inside your firewall) to
lyris.company.com. We know of at least two ways of doing this:
1) set up an internal DNS entry for lyris.company.com to receive its own mail, so that the internal DNS for lyris.company.com looks different from the external DNS. Many firewalls
will see this internal DNS entry and automatically do the forwarding. If your firewall is smart in this way, all you need to do is make this DNS change. This kind of internal/external DNS
configuration setup is quite common with firewalls, and works well. The outside world only sees the firewall because of your external DNS setup, but the firewall knows how your internal
network works, and makes sure everything gets forwarded correctly.
2) another option is to set up a forwarding rule on your firewall so that your firewall (mail.company.com) knows to forward mail it receives which is addressed to lyris.company.com
on to Lyris (at lyris.company.com). This is sometimes a "sendmail" configuration option, or an option built into the user interface of your firewall software.
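
The internal/external DNS arrangement from option 1 can be checked before mail is cut over. The following is an added example, not part of the original Lyris documentation: it parses zone data for both views and reports a wrong external MX, a mail loop back to the firewall, or an externally published address for the Lyris host. The zone contents, IP addresses and function names are constructed for illustration.

```python
# Constructed sample zone data for the two DNS views (addresses are placeholders).
EXTERNAL_VIEW = """
lyris.company.com.  IN MX 10 mail.company.com.
mail.company.com.   IN A  203.0.113.25
"""
INTERNAL_VIEW = """
lyris.company.com.  IN MX 10 lyris.company.com.
lyris.company.com.  IN A  10.0.0.25
mail.company.com.   IN A  10.0.0.1
"""

def parse_view(text):
    """Return {owner: {"MX": [(pref, host)], "A": [addr]}} from simple zone lines."""
    records = {}
    for line in text.splitlines():
        fields = line.split(";")[0].split()  # drop trailing zone-file comments
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue
        owner, rtype = fields[0].rstrip(".").lower(), fields[2].upper()
        entry = records.setdefault(owner, {"MX": [], "A": []})
        if rtype == "MX" and len(fields) == 5:
            entry["MX"].append((int(fields[3]), fields[4].rstrip(".").lower()))
        elif rtype == "A":
            entry["A"].append(fields[3])
    return records

def next_hop(view, domain):
    """Mail host for domain: lowest-preference MX, else the domain's own address."""
    entry = view.get(domain.lower(), {"MX": [], "A": []})
    if entry["MX"]:
        return min(entry["MX"])[1]
    return domain.lower() if entry["A"] else None

def check_split_dns(external, internal, list_host, gateway):
    """Return a list of problems with the two views; an empty list means OK."""
    ext, inn = parse_view(external), parse_view(internal)
    problems = []
    if next_hop(ext, list_host) != gateway:
        problems.append("external MX does not route %s mail to %s" % (list_host, gateway))
    hop = next_hop(inn, list_host)
    if hop == gateway:
        problems.append("internal view sends mail back to the gateway (mail loop)")
    elif hop != list_host:
        problems.append("internal view does not deliver to %s" % list_host)
    # Added assumption: the outside world should see only the firewall.
    if ext.get(list_host, {"A": []})["A"]:
        problems.append("external view publishes an address for %s" % list_host)
    return problems
```

Calling check_split_dns(EXTERNAL_VIEW, INTERNAL_VIEW, "lyris.company.com", "mail.company.com") returns an empty list for the setup described above; passing the external view for both arguments reports the mail loop.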