From owner-freebsd-questions@FreeBSD.ORG Fri Jul 13 15:46:53 2007
Message-ID: <469794EF.4060006@chrononomicon.com>
Date: Fri, 13 Jul 2007 11:06:23 -0400
From: Bart Silverstrim
To: Olivier Nicole
Cc: freebsd-questions@freebsd.org
Subject: Re: Transparent email proxy
References: <200707130730.l6D7U6v9086226@banyan.cs.ait.ac.th>
In-Reply-To: <200707130730.l6D7U6v9086226@banyan.cs.ait.ac.th>

Olivier Nicole wrote:
> Hi,
>
> As an ISP, or the person in charge of a large organisation, have you
> ever set-up a transparent email redirection: all outgoing email would
> be proceeded to an outgoing server in order to check for virus, spam,
> whatever.

Incoming mail, yes. Outgoing, no, I haven't.

But I thought only a few kinds of bots are using your users' email server settings... aren't most still direct sending from the user's system (turning zombies into the mail relay, not having the zombies flood the provider's mail server)?

The only way to stop the former that I know of is to have your routers allow outbound port 25 traffic from your legit mail server only, and block all others. You might also want to set up a way to have it report attempts to send mail out from your clients so you can see how many of your users may be infected with something.

You'd then probably need to set up your UNIX system to accept email and scan it before forwarding it on. It should be relatively easy using Postfix and Amavisd-new (Amavis can be tied to ClamAV and SpamAssassin).

I am trying to figure out a new incoming bastion mail server scheme now... but our original does something like this for incoming mail now.

-Bart
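
Added example, not part of the original message: one way to produce the report of client attempts to send mail directly once outbound port 25 is blocked and logged at the router. The log line shape, the addresses, the mail server address 10.0.0.25 and the distinct-destination threshold are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the text tcpdump prints when reading a pf
# log of blocked packets. Assumption: adapt LINE_RE to your firewall's output.
SAMPLE_LOG = """\
Jul 13 11:01:02 rule 4/0(match): block in on em1: 10.0.0.15.49152 > 203.0.113.7.25: Flags [S]
Jul 13 11:01:03 rule 4/0(match): block in on em1: 10.0.0.15.49153 > 198.51.100.20.25: Flags [S]
Jul 13 11:01:03 rule 4/0(match): block in on em1: 10.0.0.15.49154 > 203.0.113.99.25: Flags [S]
Jul 13 11:01:04 rule 4/0(match): block in on em1: 10.0.0.15.49155 > 198.51.100.77.25: Flags [S]
Jul 13 11:02:10 rule 4/0(match): block in on em1: 10.0.0.22.50100 > 198.51.100.20.25: Flags [S]
Jul 13 11:02:40 rule 4/0(match): block in on em1: 10.0.0.22.50101 > 198.51.100.20.25: Flags [S]
Jul 13 11:03:00 rule 7/0(match): block in on em1: 10.0.0.30.51000 > 203.0.113.7.6667: Flags [S]
"""

IPV4 = r"\d+(?:\.\d+){3}"
# Source and destination are printed as address.port, so the port is the
# final dotted field.
LINE_RE = re.compile(
    rf"block in on \S+: (?P<src>{IPV4})\.\d+ > (?P<dst>{IPV4})\.(?P<dport>\d+):"
)

def blocked_smtp_by_client(log_text, mail_server):
    """Map each client IP to the set of hosts it tried to reach on port 25."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["dport"] != "25":
            continue  # not a blocked SMTP attempt
        if m["src"] == mail_server:
            continue  # the one host allowed to send mail out
        seen[m["src"]].add(m["dst"])
    return dict(seen)

def likely_infected(log_text, mail_server, min_destinations=3):
    """Clients that tried direct SMTP to many distinct hosts, busiest first.

    Heuristic (an assumption of this example): a misconfigured mail client
    retries one server, while a spam zombie contacts many different ones.
    """
    hits = blocked_smtp_by_client(log_text, mail_server)
    ranked = sorted(hits.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(ip, len(d)) for ip, d in ranked if len(d) >= min_destinations]

if __name__ == "__main__":
    for ip, count in likely_infected(SAMPLE_LOG, "10.0.0.25"):
        print(f"{ip}: blocked SMTP attempts to {count} distinct hosts")
```
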