Transparent email proxy

[Jeffrey Goldberg]

On Jul 16, 2007, at 12:49 AM, Olivier Nicole wrote:

>> With the firewall, it is easy to make the use of the outgoing mail
>> hub compulsory.  Is there some reason beyond that that you want to do
>> things transparently?
>
> Yes, I should have been a bit more specific. As university department,
> we receive a number of visitors, when they have been in the plane for
> 24 hours, they usually want to check their email: each time we have to
> inform them that they can only send through our mail gateway, and they
> have to temporarily change their setting for the duration fo their
> visit, and remember to change back when they left: that is annoying
> (and I am not always around to tell them why they cannot send their
> email).
>
> That is why I am thinking about transparent redirection.

Thanks for elaborating on that.  As others have suggested use  
redirection on your firewall to point them to your outgoing hub.   
I've never yet played with such redirection, so I'll leave it to  
others to comment, but the details will depend on what kind of  
firewall you are currently running.

I am wondering what will happen if these visitors' mail clients try  
to authenticate against your mail server.  If your server does allow  
SMTP-AUTH than the clients, if configured to authenticate will  
attempt to as far as I understand.  It might be worth doing some  
experiments to see how this works.

The "proper" solution to this would be for people to use the (new)  
SMTP submission mechanism on the submission port, but it appears that  
ISPs aren't doing enough to get their users to do things that way.

Good luck with this.

-j




-- 
Jeffrey Goldberg                        http://www.goldmark.org/jeff/