Transparent email proxy

Daniel Marsh jahilliya at
Mon Jul 16 07:05:58 UTC 2007

On 7/16/07, Olivier Nicole <on at> wrote:
> Hi,
> > With the firewall, it is easy to make the use of the outgoing mail
> > hub compulsory.  Is there some reason beyond that that you want to do
> > things transparently?
> Yes, I should have been a bit more specific. As university department,
> we receive a number of visitors, when they have been in the plane for
> 24 hours, they usually want to check their email: each time we have to
> inform them that they can only send through our mail gateway, and they
> have to temporarily change their setting for the duration fo their
> visit, and remember to change back when they left: that is annoying
> (and I am not always around to tell them why they cannot send their
> email).
> That is why I am thinking about transparent redirection.
> Best regards,

We've setup transparent outgoing mail proxying using ASSP, PF and Postfix.

Basically any traffic that has a destination port of 25 on the Internet is
sent through our mail proxy, and onwards to the destination mail servers.

Main reason for this is simplicity.

I've never come across anyone using TLS+SMTP, in most cases I've found that
SMTP is accepted as insecure (esp. over the Internet). If we were talking
intra-company SMTP over the Internet, different story altogether due to the
company needing privacy.

More information about the freebsd-questions mailing list