dns configuration for natted mailserver

Harondel J. Sibble mailscanner at pdscc.com
Mon Dec 22 19:58:57 GMT 2003


Okay, just curious if the following is the best way to configure dns for a
natted mail server:

Background (note: the frontend will be running Mailscanner/SA/F-prot, my
concern is this setup running afoul of other mailscanner setups on the net)

- external dns will be hosted by isp with their mailserver as the backup MX
- internal dns is hosted on the win2k server with a non-real domain
(comp-name-intraner.net) name only used internally, dns server is set to
forward any queries it can't answer to isp's dns servers
- there are 2 mail servers on the lan, one is the frontend/mail scanner and
will do virus and spam filtering and act as an in/outbound mail relay. The
main workgroup mailserver will not be accessible from the internet except via
vpn. It will not be listed in external dns, only the frontend box will be.
- sonicwall firewall is set to allow smtp traffic to the single internal
frontend box (mailscanner) via port forwarding to the natted box
- mailscanner is configured to act as a relay for outbound mail from the lan
and for inbound email to the hidden mailserver
- the internal dns has entries for both mailservers with their real net
accessible names mail.domainname.com and mailscan.domainname.com.

So....

This is the plan, anything missing?

1) in the isp's dns servers we add an A, MX and rDNS record for
mailscan.domainname.com which points to the wan ip address for the sonicwall
which port forwards to the mail relay
2) set up isp's mailserver as secondary mx

The only problem I see with this is that mail sent from the hidden mail
server will fall afoul of antispam filtering at other sites since there will
be no external dns entries for the hidden server itself and a rdns check will
fail.


--
Harondel J. Sibble
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax)      (604) 686-2253 (pager)
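
An added example, not part of the original post: an offline consistency check of the external records the plan lists (A, MX and reverse DNS for mailscan.domainname.com, plus the ISP's backup MX), run against constructed records. The address 203.0.113.10, the host mx.isp.example and all function names are assumptions; check_sender models a receiving site, which can only test the public IP a connection arrives from.

```python
# Constructed records modelling the plan in the post. 203.0.113.10 stands in for
# the SonicWALL WAN address and mx.isp.example for the ISP's backup MX (assumptions).
EXTERNAL_ZONE = {
    ("domainname.com", "MX"): ["10 mailscan.domainname.com", "20 mx.isp.example"],
    ("mailscan.domainname.com", "A"): ["203.0.113.10"],
    ("mx.isp.example", "A"): ["198.51.100.25"],
    ("10.113.0.203.in-addr.arpa", "PTR"): ["mailscan.domainname.com"],
    ("25.100.51.198.in-addr.arpa", "PTR"): ["mx.isp.example"],
}

def lookup(zone, name, rtype):
    """Return the record values for (name, rtype), or [] if none exist."""
    return zone.get((name.rstrip(".").lower(), rtype), [])

def reverse_name(ip):
    """Build the in-addr.arpa name used for an IPv4 PTR lookup."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def fcrdns(zone, ip):
    """Forward-confirmed reverse DNS: PTR names whose A record points back at ip."""
    return [n for n in lookup(zone, reverse_name(ip), "PTR")
            if ip in lookup(zone, n, "A")]

def check_mx(zone, domain):
    """List the problems found with the MX hosts published for domain."""
    mxs = lookup(zone, domain, "MX")
    problems = [] if mxs else [f"{domain}: no MX records"]
    for entry in sorted(mxs, key=lambda e: int(e.split()[0])):
        host = entry.split()[1]
        addrs = lookup(zone, host, "A")
        if not addrs:
            problems.append(f"{host}: MX target has no A record")
        for ip in addrs:
            if host not in fcrdns(zone, ip):
                problems.append(f"{host}: {ip} has no PTR that resolves back to it")
    return problems

def check_sender(zone, connecting_ip, helo):
    """What a receiving site can verify about one inbound SMTP connection."""
    confirmed = fcrdns(zone, connecting_ip)
    return {"ptr_confirmed": bool(confirmed), "helo_matches": helo.lower() in confirmed}

if __name__ == "__main__":
    print(check_mx(EXTERNAL_ZONE, "domainname.com"))
    print(check_sender(EXTERNAL_ZONE, "203.0.113.10", "mailscan.domainname.com"))
```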


