Re: Postfix as an SMTP proxy?
- Nick I have a simple and elegant solution that has been working for
years. I am using postfix, spamassassin with spampd proxy server and
god-forbid, a purchase piece of software for antivirus from Command
Central called Vexira. It is a simple setup and has worked for us.
On 11/1/2010 5:36 AM, Nicholas Sideris wrote:
> I am in a case, where I need to configure a postfix daemon for acting as an SMTP server, where some spam-filtering and some anti-virus would run in parallel in the box. This would be a help, for a local ISP, to control spam relayed outside from his own network and thus avoiding IPs to get blacklisted, etc. Now my problem. The users can use the SMTP server directly, thus if they select mysmtp.mynetwork.com everything is okay.
> Now, we do suppose that a few users do have a valid subscription for an SMTP server, outside our network, say theirsmtp.theirnetwork.com. That foreign server uses SMTP auth as well. Obviously, redirecting that traffic first to our proxy, results in complete e-mail delivery failure.
> Is any way to handle this? Preferable methods.
> a) Our SMTP proxy, talks with the foreign SMTP and sends the e-mail accordingly.
> b) Our SMTP proxy, just forwards the commands, without checking the e-mail for spam/virus (not vey wise, but if there's no other solution, is part of the foreign server's responsibility to do these checks)
> c) Our SMTP proxy, just sends the e-mail directly to the recipient after checking it, without ever talking to the foreign SMTP server (it can cause problems with DKIM and SPF domains, but in any case, it may be helpful).
> What I need, is some configuration instructions about how to achive such a functionality.
> Best Regards
> N. Sideris
- On Mon, Nov 01, 2010 at 01:43:05PM -0500, Stan Hoeppner wrote:
> Victor Duchovni put forth on 11/1/2010 12:27 PM:Yes.
> > - Deploy something similar to the Symantec 8600 (aka Turntide)
> > SMTP traffic shaping appliance, that can rate limit outgoing
> > spam without rerouting the SMTP connection (limitation:
> > it can't see through STARTTLS).
> Is this what you refer to Victor?