Firewall Wizards mailing list archives
Re: SMTP forwarding question
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Thu, 30 Sep 2004 14:14:48 -0400
Attila Nagy wrote:
The problem: there is a network from which all outgoing SMTP connections should be handled by the company's mail gateway (virus and spam checking, etc) BUT the roaming users must be able to use their companies' SMTP server, possibly via SMTP AUTH (with or without starttls) and/or POP before SMTP (or any other solutions which work over tcp/25).
First off, that's a stupid policy - fortunately it's not mine so I won't say any more about it than what I already have...
If I forget about POP before SMTP, do you see any open source (or even commercial) solution which could transparently let authenticated SMTP sessions through, while redirecting the remaining ones to a local mail server?
This could probably be done with the proxy transparency rules of some old-school firewalls, or with redirector rules in a load-balancer. You could achieve the same effect by blackhole-routing the targets to a subnet with a small box that could effectively man-in-the-middle proxy/NAT the traffic to its final destination. At the very least you want a good audit trail of what the enemy agents (excuse me, "roaming users") inside the enterprise are sending, and to whom. mjr. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- SMTP forwarding question Attila Nagy (Sep 30)
- Re: SMTP forwarding question Marcus J. Ranum (Sep 30)
- Re: SMTP forwarding question Nagy Attila (Sep 30)
- Re: SMTP forwarding question Jim Seymour (Sep 30)
- Re: SMTP forwarding question Devdas Bhagat (Sep 30)
- Re: SMTP forwarding question Marcus J. Ranum (Sep 30)