Transparent email proxy

Heiko Wundram (Beenic) wundram at beenic.net
Fri Jul 13 07:57:28 UTC 2007


On Friday 13 July 2007 09:30:06 Olivier Nicole wrote:
> As an ISP, or the person in charge of a large organisation, have you
> ever set-up a transparent email redirection: all outgoing email would
> be proceeded to an outgoing server in order to check for virus, spam,
> whatever.

Don't do this transparently. Only leads to pain and suffering (and 
sufficiently high client disappointment), especially if you want to support 
TLS over SMTP (which either means a failed certificate for the sending host 
in case you proxy fully), or not check-/controllable by you (in case you pass 
encrypted SMTP on directly).

Easiest solution that worked for me: block all outgoing traffic to ports 25 
and 465, and tell your clients to use <yoursmtphost> as their smarthost, 
which then accepts the mail, scans it, and sends it on properly. This works 
fine for a university of 8000 computers. ;-)

-- 
Heiko Wundram
Product & Application Development
-------------------------------------
Office Germany - EXPO PARK HANNOVER
 
Beenic Networks GmbH
Mailänder Straße 2
30539 Hannover
 
Fon        +49 511 / 590 935 - 15
Fax        +49 511 / 590 935 - 29
Mail       wundram at beenic.net


Beenic Networks GmbH
-------------------------------------
Sitz der Gesellschaft: Hannover
Geschäftsführer: Jorge Delgado
Registernummer: HRB 61869
Registergericht: Amtsgericht Hannover


More information about the freebsd-questions mailing list