
Re: Postfix as an SMTP proxy?

  • Victor Duchovni
    Message 1 of 6 , Nov 1, 2010
      On Mon, Nov 01, 2010 at 11:36:00AM +0200, Nicholas Sideris wrote:

      > Hello,
      >
      > I am in a case, where I need to configure a postfix daemon for acting
      > as an SMTP server, where some spam-filtering and some anti-virus would
      > run in parallel in the box. This would be a help, for a local ISP, to
      > control spam relayed outside from his own network and thus avoiding IPs
      > to get blacklisted, etc. Now my problem. The users can use the SMTP server
      > directly, thus if they select mysmtp.mynetwork.com everything is okay.

      Don't silently redirect users' SMTP traffic.

      Your options:

      - Join the SpamHaus PBL as an ISP, and add your IPs to the PBL. Allow
      users to request being exempted from the PBL.

      - Block port 25 outbound, and allow users to request having the
      filter removed. Operate a reliable relay that users may elect
      to use. Don't block port 587.

      - Deploy something similar to the Symantec 8600 (aka Turntide)
      SMTP traffic shaping appliance, that can rate limit outgoing
      spam without rerouting the SMTP connection (limitation:
      it can't see through STARTTLS).

      --
      Viktor.
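
The second option above (block outbound port 25 with per-customer exemptions, leave 587 open, run a relay customers may elect to use), sketched as an nftables ruleset for the ISP's border router. This is an added example, not part of the original thread; the interface name `cust0`, the relay address and the exempt addresses are placeholders taken from the documentation ranges.

```nftables
#!/usr/sbin/nft -f
# Added example: egress policy for customer SMTP traffic.
# All names and addresses below are assumptions, not values from the thread.

define CUST_IF   = "cust0"          # customer-facing interface (assumed)
define ISP_RELAY = 198.51.100.25    # the ISP's own elective relay (assumed)

table inet isp_smtp_egress {
    # Customers who asked to have the port 25 filter removed.
    set smtp25_exempt {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.10, 192.0.2.64/28 }
    }

    chain forward {
        type filter hook forward priority filter; policy accept;

        # Submission (587) is never blocked: authenticated sessions to
        # third-party providers keep working, STARTTLS included.
        iifname $CUST_IF tcp dport 587 accept

        # Port 25 to the ISP's own relay is always allowed.
        iifname $CUST_IF ip daddr $ISP_RELAY tcp dport 25 accept

        # Exempted customers may reach any MX directly.
        iifname $CUST_IF ip saddr @smtp25_exempt tcp dport 25 accept

        # Everything else on port 25: rate-limited log entry, then an
        # explicit reset so mail clients fail fast instead of timing out.
        # No redirection takes place anywhere in this ruleset.
        iifname $CUST_IF tcp dport 25 limit rate 5/second log prefix "smtp25-blocked "
        iifname $CUST_IF tcp dport 25 counter reject with tcp reset
    }
}
```

`nft -c -f <file>` checks the ruleset without loading it. The counter and log prefix on the final rules show which customer hosts keep attempting direct port 25 delivery, which is a useful signal for finding compromised machines.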
    • Stan Hoeppner
      Message 2 of 6 , Nov 1, 2010
        Victor Duchovni put forth on 11/1/2010 12:27 PM:

        > - Deploy something similar to the Symantec 8600 (aka Turntide)
        > SMTP traffic shaping appliance, that can rate limit outgoing
        > spam without rerouting the SMTP connection (limitation:
        > it can't see through STARTTLS).

        Is this what you refer to Victor?

        http://www.symantec.com/business/brightmail-traffic-shaper

        --
        Stan
      • Rich
        Message 3 of 6 , Nov 1, 2010
          Nick I have a simple and elegant solution that has been working for
          years. I am using postfix, spamassassin with spampd proxy server and
          god-forbid, a purchased piece of software for antivirus from Command
          Central called Vexira. It is a simple setup and has worked for us.

          On 11/1/2010 5:36 AM, Nicholas Sideris wrote:
          > Hello,
          >
          > I am in a case, where I need to configure a postfix daemon for acting as an SMTP server, where some spam-filtering and some anti-virus would run in parallel in the box. This would be a help, for a local ISP, to control spam relayed outside from his own network and thus avoiding IPs to get blacklisted, etc. Now my problem. The users can use the SMTP server directly, thus if they select mysmtp.mynetwork.com everything is okay.
          >
          > Now, we do suppose that a few users do have a valid subscription for an SMTP server, outside our network, say theirsmtp.theirnetwork.com. That foreign server uses SMTP auth as well. Obviously, redirecting that traffic first to our proxy, results in complete e-mail delivery failure.
          >
          > Is there any way to handle this? Preferable methods.
          > a) Our SMTP proxy, talks with the foreign SMTP and sends the e-mail accordingly.
          > b) Our SMTP proxy, just forwards the commands, without checking the e-mail for spam/virus (not very wise, but if there's no other solution, is part of the foreign server's responsibility to do these checks)
          > c) Our SMTP proxy, just sends the e-mail directly to the recipient after checking it, without ever talking to the foreign SMTP server (it can cause problems with DKIM and SPF domains, but in any case, it may be helpful).
          >
          > What I need, is some configuration instructions about how to achieve such a functionality.
          >
          > Best Regards
          > N. Sideris
          >
          >
        • Victor Duchovni
          Message 4 of 6 , Nov 1, 2010
            On Mon, Nov 01, 2010 at 01:43:05PM -0500, Stan Hoeppner wrote:

            > Victor Duchovni put forth on 11/1/2010 12:27 PM:
            >
            > > - Deploy something similar to the Symantec 8600 (aka Turntide)
            > > SMTP traffic shaping appliance, that can rate limit outgoing
            > > spam without rerouting the SMTP connection (limitation:
            > > it can't see through STARTTLS).
            >
            > Is this what you refer to Victor?
            >
            > http://www.symantec.com/business/brightmail-traffic-shaper

            Yes.

            --
            Viktor.