Transparent email proxy

Bart Silverstrim bsilver at
Fri Jul 13 15:46:53 UTC 2007

Olivier Nicole wrote:
> Hi,
> As an ISP, or the person in charge of a large organisation, have you
> ever set-up a transparent email redirection: all outgoing email would
> be proceeded to an outgoing server in order to check for virus, spam,
> whatever.

Incoming mail, yes.  Outgoing, no, I haven't.

But I thought only a few kinds of bots are using your user's email 
server settings...aren't most still direct sending from the user's 
system (turning zombies into the mail relay, not having the zombies 
flood the provider's mail server?)

The only way to stop the former that I know of is to have your routers 
only allow port 25 traffic outbound from your legit mail server only and 
all others are blocked.  You might also want to set up a way to have it 
report attempts to send mail out from your clients so you can see how 
many of your users may be infected with something.

You'd then need to probably set up your UNIX system to accept email and 
scan it before forwarding it on.  It should be relatively easy using 
Postfix and Amavisd-new (Amavis can be tied to clamav and Spamassassin). 
  I am trying to figure out a new incoming bastion mail server scheme 
now...but our original does something like this for incoming mail now.


More information about the freebsd-questions mailing list