From: Jeffrey Goldberg
Date: Mon, 16 Jul 2007 07:39:22 -0500
To: Olivier Nicole
Cc: FreeBSD Questions
Subject: Re: Transparent email proxy

On Jul 16, 2007, at
12:49 AM, Olivier Nicole wrote:

>> With the firewall, it is easy to make the use of the outgoing mail
>> hub compulsory. Is there some reason beyond that that you want to do
>> things transparently?
>
> Yes, I should have been a bit more specific. As a university department,
> we receive a number of visitors, when they have been in the plane for
> 24 hours, they usually want to check their email: each time we have to
> inform them that they can only send through our mail gateway, and they
> have to temporarily change their setting for the duration of their
> visit, and remember to change back when they left: that is annoying
> (and I am not always around to tell them why they cannot send their
> email).
>
> That is why I am thinking about transparent redirection.

Thanks for elaborating on that. As others have suggested, use redirection on your firewall to point them to your outgoing hub. I've never yet played with such redirection, so I'll leave it to others to comment, but the details will depend on what kind of firewall you are currently running.

I am wondering what will happen if these visitors' mail clients try to authenticate against your mail server. If your server does allow SMTP-AUTH, then the clients, if configured to authenticate, will attempt to, as far as I understand. It might be worth doing some experiments to see how this works.

The "proper" solution to this would be for people to use the (new) SMTP submission mechanism on the submission port, but it appears that ISPs aren't doing enough to get their users to do things that way.

Good luck with this.

-j

--
Jeffrey Goldberg http://www.goldmark.org/jeff/
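
Added example, not part of the original message: one way to run the experiment suggested above is to look at what the outgoing hub advertises in its EHLO reply, since that is what a redirected visitor's client would see before deciding whether to authenticate. The sample replies, host name and result labels are constructed for illustration.

```python
import re

# Constructed EHLO replies for illustration; not captured from a real server.
HUB_WITH_AUTH = ("250-hub.example.org\r\n250-PIPELINING\r\n"
                 "250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n")
HUB_LEGACY_AUTH = "250-hub.example.org\r\n250-AUTH=CRAM-MD5\r\n250 8BITMIME\r\n"
HUB_STARTTLS_ONLY = "250-hub.example.org\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
HUB_NO_AUTH = "250-hub.example.org\r\n250 8BITMIME\r\n"


def parse_ehlo(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [PARAMS]}."""
    lines = [ln for ln in reply.splitlines() if ln]
    if not lines:
        raise ValueError("empty reply")
    exts = {}
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([ -])(.*)", line)
        if not m:
            raise ValueError("not a 250 reply line: %r" % line)
        # "250-" marks a continuation line, "250 " the final line.
        if (m.group(1) == " ") != (i == len(lines) - 1):
            raise ValueError("malformed continuation at line %d" % (i + 1))
        if i == 0:
            continue  # first line carries the server's domain/greeting
        text = m.group(2)
        if text.upper().startswith("AUTH="):
            text = "AUTH " + text[5:]  # legacy "AUTH=" form some servers send
        words = text.upper().split()
        if words:
            exts.setdefault(words[0], []).extend(words[1:])
    return exts


def assess_hub(reply):
    """Classify what a client set up for SMTP-AUTH would see (hypothetical labels)."""
    exts = parse_ehlo(reply)
    mechs = set(exts.get("AUTH", []))
    if mechs & {"PLAIN", "LOGIN"}:
        # PLAIN and LOGIN carry the password merely base64-encoded.
        return "auth-offered-password-recoverable"
    if mechs:
        return "auth-offered"
    if "STARTTLS" in exts:
        return "recheck-after-starttls"  # AUTH may only be listed after TLS
    return "no-auth-offered"
```

A hub that returns "no-auth-offered" gives a redirected client nothing to authenticate against, so credentials meant for the visitor's home provider are not sent to it.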