Transparent email proxy
bsilver at chrononomicon.com
Fri Jul 13 15:46:53 UTC 2007
Olivier Nicole wrote:
> As an ISP, or the person in charge of a large organisation, have you
> ever set-up a transparent email redirection: all outgoing email would
> be proceeded to an outgoing server in order to check for virus, spam,
Incoming mail, yes. Outgoing, no, I haven't.
But I thought only a few kinds of bots are using your user's email
server settings...aren't most still direct sending from the user's
system (turning zombies into the mail relay, not having the zombies
flood the provider's mail server?)
The only way to stop the former that I know of is to have your routers
only allow port 25 traffic outbound from your legit mail server only and
all others are blocked. You might also want to set up a way to have it
report attempts to send mail out from your clients so you can see how
many of your users may be infected with something.
You'd then need to probably set up your UNIX system to accept email and
scan it before forwarding it on. It should be relatively easy using
Postfix and Amavisd-new (Amavis can be tied to clamav and Spamassassin).
I am trying to figure out a new incoming bastion mail server scheme
now...but our original does something like this for incoming mail now.
More information about the freebsd-questions