Date: Fri, 13 Jul 2007 03:40:42 -0500
From: Paul procacci <pprocacci@bellsouth.net>
To: Olivier Nicole <on@cs.ait.ac.th>
Cc: freebsd-questions@freebsd.org
Subject: Re: Transparent email proxy
Message-ID: <46973A8A.4050009@bellsouth.net>
In-Reply-To: <46973936.6080104@bellsouth.net>
References: <200707130730.l6D7U6v9086226@banyan.cs.ait.ac.th> <46973936.6080104@bellsouth.net>

Paul procacci wrote:
> Olivier Nicole wrote:
>> Hi,
>>
>> As an ISP, or the person in charge of a large organisation, have you
>> ever set-up a transparent email redirection: all outgoing email would
>> be proceeded to an outgoing server in order to check for virus, spam,
>> whatever.
>>
>> Best regards,
>>
>> Olivier
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to
>> "freebsd-questions-unsubscribe@freebsd.org"
>>
>>
> The answer to your question is yes. To elaborate a bit more however
> here is a personal document I wrote (i.e. wasn't intended for anyone
> else), hopefully it provides you with good enough information and/or
> the information you were looking for. Mind you, this is BSD and qmail
> (yes, I'm a fanboy) specific. This assumes you are familiar with the
> software I decided to use under the components heading. Certainly
> feel free to ask any questions. I realize the document isn't
> "production quality" due to the reasons given above, but rest assured
> I can vouch for this method.
>
> Additionally note, this is obviously not the only method.....just that
> it's my method. ;P Cheers!
>
> ~Paul
>
> ----------------------------------------------
>
> I have 5 machines behind a load balancer, one of which is FBSD 4.11,
> and the other 4 are FBSD 6.2. The component list I used is as follows:
>
> Components
>
> tcpserver
> daemontools
> qmail w/ QMAILQUEUE patch
> qmail-qfilter
> spamassassin
> *custom c scripts (These are optional; one is provided)
>
>
> Flow
>
> This is the current flow of any emails that reach the cluster. Note
> the items listed within *'s are custom programs and explained later in
> this document:
>
> tcpserver->qmail-smtpd->qmail-qfilter->spamc->*reject_spam*->qmail-queue->qmail-remote
>
>
> **Note :: reject_spam is included because that is needed for denying
> emails. (You could rewrite it in perl or sh if you needed to)
>
> Installation
>
> The installation for any new and existing proxy boxes is extremely
> straightforward.
>
> For all but qmail listed above, use the ports tree.
>
> Set up spamd to create the /tmp/.spamd.sock socket. That's what I call
> mine, yours can/will vary.
>
> Once all this is installed, create /etc/tcp.smtp with the following
> entry and build the cdb file:
> :+RELAYCLIENT=+QMAILQUEUE=/var/qmail/bin/qmail-queue-spam
>
> Ensure tcpserver uses that file (i.e. -x)
>
> While in /usr/ports/qmail.....
>
> a) upload the attached files (patch-qmail.c and patch-Makefile) into
> ./files/
>
> b) edit patch-qmail.c to reflect a message you would like to give.
> '+ case 20: return "DAnti-SPAM Threshold Reached see http://domain.com/legal_information.aspx";'
>
> c) type: make extract
>
> d) type: make patch
>
> e) copy the attached file (reject-spam.c) to ./work/qmail*/
>
> f) Now, I haven't included some of my patches here due to sensitive
> information. Therefore, you'll need to edit the Makefile
> (work/qmail-*/Makefile) to remove any and all references to
> check_block and reject-record-spam.
>
> g) type: make install
>
> h) copy reject-spam to /var/qmail/bin
>
> i) Copy the attached shell script (qmail-queue-spam) to
> /var/qmail/bin/; that is going to tie this together.
>
> Please note that it's NECESSARY to use the local software FW to allow
> relaying. IPFW is a good choice (my preference anyways). Deny
> everything to port 25, and only allow the hosts you want. I found
> this to be the easiest.
> Then on those hosts, smarthost the "hidden" (not really) machine.
> ------------------------------------------------------------------------

My attached c file got stripped. Here it is.

reject-spam.c
-------------------------------------------------------------------
#include "stralloc.h"
#include "substdio.h"
#include "readwrite.h"
#include "getln.h"
#include "str.h"
#include "exit.h"   /* qmail's declaration of _exit() */

stralloc s = {0};
substdio i = {0};
substdio o = {0};
char ibuf[1024];
char obuf[1024];

int main(void){
    int match;

    substdio_fdbuf(&i,read,0,ibuf,sizeof(ibuf));
    substdio_fdbuf(&o,write,1,obuf,sizeof(obuf));

    /* Copy header lines through until the flag or the end of the headers. */
    for(;;){
        if(getln(&i,&s,&match,'\n') == -1) _exit(81);
        if(!match || s.len == 1) break;   /* EOF or blank line: headers done */
        if(!str_diffn("X-Spam-Flag: YES\n", s.s, s.len)) _exit(20);   /* flagged: reject */
        substdio_put(&o,s.s,s.len);
    }
    substdio_put(&o,s.s,s.len);   /* the line that ended the loop */
    substdio_copy(&o,&i);         /* body, passed through unexamined */
    substdio_flush(&o);
    _exit(0);
}
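
The header check that reject-spam.c performs, as an added example that is not part of the original post: it uses only libc, so it compiles outside the qmail source tree, and it generalizes the match slightly (case-insensitive, CRLF-tolerant). The names classify and header_is and the sample messages are constructed for illustration; exit code 20 is the value the post maps to its rejection text.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define EXIT_PASS 0    /* hand the message on to the next stage */
#define EXIT_SPAM 20   /* code the post's qmail.c patch turns into a rejection */

/* Case-insensitive comparison of one header line (n bytes, no terminator). */
static int header_is(const char *line, size_t n, const char *want)
{
    size_t k;
    if (n != strlen(want)) return 0;
    for (k = 0; k < n; k++)
        if (tolower((unsigned char)line[k]) != tolower((unsigned char)want[k]))
            return 0;
    return 1;
}

/* Only the header block is examined: scanning stops at the first empty
 * line, so flag text quoted in a message body never causes a rejection. */
int classify(const char *msg, size_t len)
{
    size_t pos = 0;
    while (pos < len) {
        const char *line = msg + pos;
        const char *nl = memchr(line, '\n', len - pos);
        size_t n = nl ? (size_t)(nl - line) : len - pos;  /* without '\n' */
        pos += n + (nl ? 1 : 0);
        if (n > 0 && line[n - 1] == '\r') n--;            /* tolerate CRLF */
        if (n == 0) break;                                /* end of headers */
        if (header_is(line, n, "X-Spam-Flag: YES")) return EXIT_SPAM;
    }
    return EXIT_PASS;
}

int main(void)
{
    /* Constructed sample messages, not taken from the post. */
    const char *flagged = "Received: x\nX-Spam-Flag: YES\nSubject: hi\n\nbody\n";
    const char *quoted  = "Subject: hi\n\nX-Spam-Flag: YES\n";
    printf("flagged header -> %d\n", classify(flagged, strlen(flagged)));
    printf("flag in body   -> %d\n", classify(quoted, strlen(quoted)));
    return 0;
}
```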
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46973A8A.4050009>