From: "Heiko Wundram (Beenic)"
Organization: Beenic Networks GmbH
To: freebsd-questions@freebsd.org
Date: Fri, 13 Jul 2007 09:57:25 +0200
Subject: Re: Transparent email proxy

On Friday 13 July 2007 09:30:06 Olivier Nicole wrote:
> As an ISP, or the person in charge of a large organisation, have you
> ever set-up a transparent email redirection: all outgoing email would
> be proceeded to an outgoing server in order to check for virus, spam,
> whatever.

Don't do this transparently. Only leads to pain and suffering (and
sufficiently high client disappointment), especially if you want to support
TLS over SMTP (which either means a failed certificate for the sending host
in case you proxy fully), or not check-/controllable by you (in case you pass
encrypted SMTP on directly).

Easiest solution that worked for me: block all outgoing traffic to ports 25
and 465, and tell your clients to use as their smarthost,
which then accepts the mail, scans it, and sends it on properly. This works
fine for a university of 8000 computers. ;-)

-- 
Heiko Wundram
Product & Application Development
-------------------------------------
Office Germany - EXPO PARK HANNOVER

Beenic Networks GmbH
Mailänder Straße 2
30539 Hannover

Phone +49 511 / 590 935 - 15
Fax +49 511 / 590 935 - 29
Mail wundram@beenic.net

Beenic Networks GmbH
-------------------------------------
Registered office: Hannover
Managing director: Jorge Delgado
Registration number: HRB 61869
Registration court: Amtsgericht Hannover
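
The port-blocking setup described in the reply above, sketched as a pf.conf filter fragment for a FreeBSD gateway. This is an added example, not part of the original message; the interface name, the addresses (documentation range) and the ports the smarthost accepts are assumptions, and the rest of the ruleset is assumed to pass the traffic on its way out of the external interface.

```conf
# --- Macros (all values are placeholders chosen for this example) ---
int_if    = "em1"             # interface facing the client network
lan_net   = "192.0.2.0/24"    # client network
smarthost = "192.0.2.25"      # scanning relay the clients are told to use

# --- For contrast only: the transparent variant the reply advises against ---
# Redirecting port 25 silently breaks TLS: the client sees the relay's
# certificate instead of the one for the server it asked for.
# rdr on $int_if proto tcp from $lan_net to any port 25 -> $smarthost port 25

# --- Filter rules ("quick" makes the first matching rule final) ---

# 1. Clients may hand mail to the smarthost.
#    Assumption: the relay accepts submissions on 25 and 465.
pass in quick on $int_if proto tcp from $lan_net to $smarthost \
    port { 25, 465 } flags S/SA keep state

# 2. Only the smarthost may open SMTP connections to the outside,
#    after it has accepted and scanned the message.
pass in quick on $int_if proto tcp from $smarthost to any \
    port 25 flags S/SA keep state

# 3. Every other client connection to the SMTP ports is refused.
#    return-rst makes a misconfigured client fail at once instead of
#    hanging until timeout; "log" records the source on pflog0 so hosts
#    that still try to send directly can be found and reconfigured.
block return-rst in log quick on $int_if proto tcp from $lan_net to any \
    port { 25, 465 }
```

The syntax can be checked without loading the rules with `pfctl -nf /etc/pf.conf`.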