Re: SMTP forwarding question

["Marcus J. Ranum" <mjr () ranum com>]

Attila Nagy wrote:
> The problem: there is a network from which all outgoing SMTP connections should be handled by the company's mail 
> gateway (virus and spam checking, etc) BUT the roaming users must be able to use their companies' SMTP server, 
> possibly via SMTP AUTH (with or without starttls) and/or POP before SMTP (or any other solutions which work over 
> tcp/25).

First off, that's a stupid policy - fortunately it's not mine so I
won't say any more about it than what I already have...

> If I forget about POP before SMTP, do you see any open source (or even commercial) solution which could transparently 
> let authenticated SMTP sessions through, while redirecting the remaining ones to a local mail server?

This could probably be done with the proxy transparency rules of
some old-school firewalls, or with redirector rules in a load-balancer.
You could achieve the same effect by blackhole-routing the targets
to a subnet with a small box that could effectively man-in-the-middle
proxy/NAT the traffic to its final destination. At the very least
you want a good audit trail of what the enemy agents (excuse
me, "roaming users") inside the enterprise are sending, and to whom.

mjr. 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards