Transparent email proxy
Heiko Wundram (Beenic)
wundram at beenic.net
Fri Jul 13 07:57:28 UTC 2007
On Friday 13 July 2007 09:30:06 Olivier Nicole wrote:
> As an ISP, or the person in charge of a large organisation, have you
> ever set-up a transparent email redirection: all outgoing email would
> be proceeded to an outgoing server in order to check for virus, spam,
> whatever.
Don't do this transparently. Only leads to pain and suffering (and
sufficiently high client disappointment), especially if you want to support
TLS over SMTP (which either means a failed certificate for the sending host
in case you proxy fully), or not check-/controllable by you (in case you pass
encrypted SMTP on directly).
Easiest solution that worked for me: block all outgoing traffic to ports 25
and 465, and tell your clients to use <yoursmtphost> as their smarthost,
which then accepts the mail, scans it, and sends it on properly. This works
fine for a university of 8000 computers. ;-)
--
Heiko Wundram
Product & Application Development
-------------------------------------
Office Germany - EXPO PARK HANNOVER
Beenic Networks GmbH
Mailänder Straße 2
30539 Hannover
Fon +49 511 / 590 935 - 15
Fax +49 511 / 590 935 - 29
Mail wundram at beenic.net
Beenic Networks GmbH
-------------------------------------
Sitz der Gesellschaft: Hannover
Geschäftsführer: Jorge Delgado
Registernummer: HRB 61869
Registergericht: Amtsgericht Hannover
More information about the freebsd-questions
mailing list