MailScanner for outbound only
Denis Beauchemin
Denis.Beauchemin at USHERBROOKE.CA
Thu Feb 10 20:43:10 GMT 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Peter Russell wrote:
> I have been asked to provide a machine that can scan all outbound smtp
> traffic on the network. We have loads of students and some use own mail
> clients, they ahve own unprotected laptops etc etc - so we will make a
> firewall rule that all outbound on port 25 goes to this new mail relay.
>
> I am already familiar with mailscanner and postfix.
>
> Is this simply a matter of building a mailscanner machine, config
> postfix to access mail from the firewall interface only, and bob's your
> mothers brother?
>
> Who does aoutbound scanning - how do you do it? anyone got any better
> suggestions for wyhole of company outbound scanning?
>
Pete,
We have 2 MS servers for inside use: they both answer to the name
smtp.usherbrooke.ca through our DNS setup. To make sure they would not
get outside mail I have allowed only internal IP addresses through iptables.
All computers use smtp.usherbrooke.ca as their outgoing server while our
MX are on 2 different servers. This makes it possible to have different
MS rules for inbound and outbound email.
Denis
--
_
°v° Denis Beauchemin, analyste
/(_)\ Université de Sherbrooke, S.T.I.
^ ^ T: 819.821.8000x2252 F: 819.821.8045
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
[ Part 2, "S/MIME Cryptographic Signature" ]
[ Application/X-PKCS7-SIGNATURE 4.4KB. ]
[ Unable to print this part. ]
More information about the MailScanner
mailing list