Date: Fri, 13 Jul 2007 09:57:25 +0200 From: "Heiko Wundram (Beenic)" <wundram@beenic.net> To: freebsd-questions@freebsd.org Subject: Re: Transparent email proxy Message-ID: <200707130957.25604.wundram@beenic.net> In-Reply-To: <200707130730.l6D7U6v9086226@banyan.cs.ait.ac.th> References: <200707130730.l6D7U6v9086226@banyan.cs.ait.ac.th>
next in thread | previous in thread | raw e-mail | index | archive | help
On Friday 13 July 2007 09:30:06 Olivier Nicole wrote: > As an ISP, or the person in charge of a large organisation, have you > ever set-up a transparent email redirection: all outgoing email would > be proceeded to an outgoing server in order to check for virus, spam, > whatever. Don't do this transparently. Only leads to pain and suffering (and=20 sufficiently high client disappointment), especially if you want to support= =20 TLS over SMTP (which either means a failed certificate for the sending host= =20 in case you proxy fully), or not check-/controllable by you (in case you pa= ss=20 encrypted SMTP on directly). Easiest solution that worked for me: block all outgoing traffic to ports 25= =20 and 465, and tell your clients to use <yoursmtphost> as their smarthost,=20 which then accepts the mail, scans it, and sends it on properly. This works= =20 fine for a university of 8000 computers. ;-) =2D-=20 Heiko Wundram Product & Application Development =2D------------------------------------ Office Germany - EXPO PARK HANNOVER =20 Beenic Networks GmbH Mail=E4nder Stra=DFe 2 30539 Hannover =20 =46on +49 511 / 590 935 - 15 =46ax +49 511 / 590 935 - 29 Mail wundram@beenic.net Beenic Networks GmbH =2D------------------------------------ Sitz der Gesellschaft: Hannover Gesch=E4ftsf=FChrer: Jorge Delgado Registernummer: HRB 61869 Registergericht: Amtsgericht Hannover
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200707130957.25604.wundram>