Forum OpenACS Q&A: OpenACS Inside a Protected Domain

Posted by Robin Felix on 02/09/05 07:37 PM

This would seem to be a simple problem, but I can't crack it. We have an OpenACS system that serves as a project intranet for both internal users and external partners. It operates inside a protected network, and that was fine until our security administrators decided to close off port 25, both incoming and outgoing, except to the official mail server. Without local mail, of course, the administration and notification functions of OpenACS are crippled. The sysadmins have told us to relay our outgoing mail through the official server -- no exceptions.

My question is how to configure OpenACS / Qmail / AOLServer to relay mail through an external mail server rather than using a local mail server. I've tried changing the ns_param mailhost parameter per the AOLServer documentation, but nsd fails to start, becoming defunct without explanatory log entries. I don't see anything in the Qmail documentation to invoke outgoing relay of all traffic through one host, and I can't find anything in these forums.

Any helpful hints? TIA.

2: Re: OpenACS Inside a Protected Domain (response to 1)

Posted by Brian Fenton on 02/10/05 11:05 AM

Hi Robin,
I'm not an expert but here are a few suggestions.
I think the "ns_param mailhost" was changed to "ns_param smtphost" in AOLserver 4, so you could try that first. If you're using AOLserver 3, mailhost should be fine.

Make sure the ns_param mailhost (or smtphost) entry is in the "ns_section ns/parameters" section.

Can you open a manual mail session to the mail server from your unix prompt? Try this:
[qfs18 aol33]$ telnet 192.168.0.80 25
Trying 192.168.0.80...
Connected to 192.168.0.80.
Escape character is '^]'.
220 qfs01nt.quest.ie ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.
2653.13) ready
HELO
250 OK
QUIT
221 closing connection
Connection closed by foreign host.

Hope this helps.
Brian

3: Re: OpenACS Inside a Protected Domain (response to 1)

Posted by Sam Snow on 02/11/05 07:57 PM

I beleive you could leave your current qmail server as-is, besides just telling to to send all outgoing email over to the approved server.

To do this use an smtproutes file in the qmail control directory.

Example smtproutes entries:
domain_you_want_to_route:primary-server.domain.com
another_domain_you_want_to_route:another-server.domain.com

If you want to route all mail and then you should have the line like:

:primary-server.domain.com

After you have done this restart your qmail server for the changes to be noticed.

I hope that helps!
Sam

4: Re: OpenACS Inside a Protected Domain (response to 1)

Posted by Robin Felix on 02/17/05 07:15 AM

Sam's suggestion to create an smtproutes file in qmail/control worked like a champ, causing all outgoing mail to be routed through the "official" server as required. Tks, Sam.