Lyris User's Guide
[previous] [next] [contents]
Living with a Firewall
Table of Contents
Introduction
Lyris Email Commands
Web Interface for Users
Server Administrator
Site Administrator
List Administrator
Other Topics
Add-On Packages
Installing and Upgrading
Installing Lyris
Moving a Lyris Installation to a New Machine
Installing Lyris as a Windows Service
Do I need a mail server in order to run Lyris?
What is the TCP/IP check for?
Problem: NT setup exits during the TCP/IP check
Installing the Web Interface on a separate Web Server
Living with a Firewall
Installing Lyris on Unix
Mail Server Coexistence
Upgrading to Lyris from Another List Server
Troubleshooting
Appendix
Frequently Asked Questions

Living with a Firewall

Many organizations employ a TCP/IP firewall, so that machines inside the firewall are not allowed to receive direct incoming connections. In such a setup, Lyris is disallowed from directly receiving email, and your site setup must be modified so that Lyris can receive mail through your firewall, using a method that works with your security policy.

In a typical setup, there are two machines to think about:

mail.company.com (the firewall server that can receive mail)
lyris.company.com (the Lyris server)

What you want to do is set up lyris.company.com in your external DNS (what the rest of the world sees) so that mail addressed to lyris.company.com actually gets delivered to mail.company.com. In DNS talk, this means:

lyris.company.com IN MX 10 mail.company.com

Then, your firewall needs to see lyris.company.com in the RCPT TO name of each email message it receives and forward this mail internally (inside your firewall) to lyris.company.com. We know of at least two ways of doing this:

1) set up an internal DNS entry for lyris.company.com to receive its own mail, so that the internal DNS for lyris.company.com looks different from the external DNS. Many firewalls will see this internal DNS entry and automatically do the forwarding. If your firewall is smart in this way, all you need to do is make this DNS change. This kind of internal/external DNS configuration setup is quite common with firewalls, and works well. The outside world only sees the firewall from your because of your external DNS setup, but the firewall knows how your internal network works, and makes sure everything gets forwarded correctly.

2) another option is to set up a forwarding rule on your firewall so that your firewall (mail.company.com) knows to forward mail it receives which is addressed to lyris.company.com on to Lyris (at lyris.company.com). This is sometimes a "sendmail" configuration option, or an option built into the user interface of your firewall software.

Other pages which link to this page:
  • Installing Lyris
  • Page 451 of 556