Transparent email proxy
jeffrey at goldmark.org
Mon Jul 16 12:39:24 UTC 2007
On Jul 16, 2007, at 12:49 AM, Olivier Nicole wrote:
>> With the firewall, it is easy to make the use of the outgoing mail
>> hub compulsory. Is there some reason beyond that that you want to do
>> things transparently?
> Yes, I should have been a bit more specific. As university department,
> we receive a number of visitors, when they have been in the plane for
> 24 hours, they usually want to check their email: each time we have to
> inform them that they can only send through our mail gateway, and they
> have to temporarily change their setting for the duration fo their
> visit, and remember to change back when they left: that is annoying
> (and I am not always around to tell them why they cannot send their
> That is why I am thinking about transparent redirection.
Thanks for elaborating on that. As others have suggested use
redirection on your firewall to point them to your outgoing hub.
I've never yet played with such redirection, so I'll leave it to
others to comment, but the details will depend on what kind of
firewall you are currently running.
I am wondering what will happen if these visitors' mail clients try
to authenticate against your mail server. If your server does allow
SMTP-AUTH than the clients, if configured to authenticate will
attempt to as far as I understand. It might be worth doing some
experiments to see how this works.
The "proper" solution to this would be for people to use the (new)
SMTP submission mechanism on the submission port, but it appears that
ISPs aren't doing enough to get their users to do things that way.
Good luck with this.
Jeffrey Goldberg http://www.goldmark.org/jeff/
More information about the freebsd-questions