Role of a Mail Server

Before you install an ensemble of mail servers, you should determine what role you will assign to the message transfer agent for each of them. Two factors can help determine the role of an MTA:

  1. The MTA's ability to route messages to a group of e-mail users in one of the following ways:
       The MTA delivers mail directly to local recipients.
       The MTA forwards the messages to the recipient's appropriate mail server for non-local recipients.
  2. The relative position of the mail server to the company's firewall:
       If the mail server is separated from the public Internet by a firewall machine
       If the mail server is not separated from the public Internet by a firewall machine; your company does not have a machine serving as the firewall, or your mail server also serves as the firewall system.

MTA's Ability to Route Messages

The SIMS product classifies the MTA's ability to route messages in the following three ways:

  1. The mail server does not support a user community. This setup is typical if your mail server is a backbone MTA that routes messages between domains. It does not know of each mail user, but uses the host or domain specifications to forward the message to the appropriate mail server for delivery. For example, if a message is sent to <user>@eng.alpha.com, the MTA knows to forward this message to mailhost.eng.alpha.com. Similarly, it can forward a message addressed to <user>@qa.eng.alpha.com to mailhost.qa.eng.alpha.com.
  2. The MTA can only deliver messages to local users. The MTA cannot deliver to non-local users. If a message arrives that is not addressed to a local user, and the To: envelope address is not canonical and fully-qualified (that is, it does not specify the address's information as <user>@host.domain), the MTA forwards it to a specified smart host. The smart host is more likely to be able to forward the message to the recipient's mail server.
  3. The MTA can route messages within its Internet domain or a specified set of domains. The mail server can forward a message to the recipient's mail server if the recipient belongs to one of the specified domains.

The MTA's Location Relative to a Firewall

If your company has not implemented a firewall around your mail network, the mail server queries the local or a public Internet domain name server before it forwards a message. However, if your mail server is located behind a firewall system, all messages to mail users outside your company's private mail network have to travel through the firewall's MTA. Since your MTA is not a firewall MTA, it also cannot query the public DNS.

This means that each mail server's MTA, except the firewall machine's own MTA, depends on a smarter MTA that resides on the firewall machine or on a smart host to forward all messages that it cannot route directly. The smart host may or may not serve as the firewall system. If you have two separate machines, one serving as the smart host and the other serving as the firewall system, the MTA can forward a message addressed to a recipient in another subdomain to the smart host, and mail addressed to a recipient outside your organization to the firewall machine.

For example, suppose your company, Alpha Corporation, has implemented a firewall. If a user, joan@eng.alpha.com, sends a message to pierre@sales.alpha.com, the message is handled by Joan's mail server. Since Joan's mail server can route only to users within the eng.alpha.com domain, it forwards the message to its configured smart host, mailhost.alpha.com. If mailhost.alpha.com has the ability to route messages to alpha.com, this mail will be routed directly to Pierre's mail server. However, if mailhost.alpha.com serves as a pure backbone MTA, with no ability to route messages directly to users, it will pass the message to a configured MTA (specified in the configuration of mailhost.alpha.com) that can route directly within Pierre's mail domain, sales.alpha.com.

In this example, mailhost.alpha.com does not necessarily serve as the company's firewall system. So, if a message arrives addressed to youri@net.com, mailhost.alpha.com will forward this message to the firewall machine. The firewall machine will then route the message across the public Internet to the net.com domain.
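
The Alpha Corporation routing described above, modelled as an added example that is not part of the Sun documentation or of SIMS itself. It traces the hops a message takes and fails on a smart-host loop. The host names mailhost.sales.alpha.com and firewall.alpha.com, the `Mta` fields, and the `local-delivery` and `internet:` labels are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional
COMPANY = "alpha.com"  # private mail network in the page's example
@dataclass
class Mta:
    host: str
    local_domain: Optional[str] = None          # None: backbone MTA, no user community
    routes: dict = field(default_factory=dict)  # domain -> mail server it forwards to
    smart_host: Optional[str] = None            # takes mail this MTA cannot route
    firewall: Optional[str] = None              # takes mail leaving the company
    public_dns: bool = False                    # only the firewall MTA queries public DNS

def in_domain(domain, parent):
    return domain == parent or domain.endswith("." + parent)

def next_hop(mta, rcpt):
    domain = rcpt.rsplit("@", 1)[1].lower()
    if domain == mta.local_domain:
        return "local-delivery"
    for d in sorted(mta.routes, key=len, reverse=True):  # most specific domain first
        if in_domain(domain, d):
            return mta.routes[d]
    if in_domain(domain, COMPANY):
        hop = mta.smart_host
    elif mta.public_dns:
        return "internet:" + domain
    else:  # external mail: firewall if configured, otherwise via the smart host
        hop = mta.firewall or mta.smart_host
    if hop is None:
        raise LookupError(f"{mta.host} has no route for {rcpt}")
    return hop

def trace(start, rcpt, mtas):
    path, host = [start], start
    while host in mtas:
        host = next_hop(mtas[host], rcpt)
        if host in path:  # two smart hosts pointing at each other
            raise RuntimeError("routing loop: " + " -> ".join(path + [host]))
        path.append(host)
    return path

# Constructed topology; the sales mail server and firewall host names are assumed.
MTAS = {m.host: m for m in [
    Mta("mailhost.eng.alpha.com", "eng.alpha.com", smart_host="mailhost.alpha.com"),
    Mta("mailhost.alpha.com", routes={"eng.alpha.com": "mailhost.eng.alpha.com",
        "sales.alpha.com": "mailhost.sales.alpha.com"}, firewall="firewall.alpha.com"),
    Mta("mailhost.sales.alpha.com", "sales.alpha.com", smart_host="mailhost.alpha.com"),
    Mta("firewall.alpha.com", routes={"alpha.com": "mailhost.alpha.com"}, public_dns=True),
]}
```

Calling `trace("mailhost.eng.alpha.com", "youri@net.com", MTAS)` returns the hop list, which can be checked to confirm that external mail leaves only through the firewall MTA.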

For information on how to configure an MTA's location relative to a firewall and how to configure a smart host, see Section "To Configure Position Versus Firewall and Smart Host," in the Sun Internet Mail Server 3.5 Administrator's Guide.




Copyright © 1999 Sun Microsystems, Inc. All Rights Reserved.