mailscanner behind a smtpd frontend
Philipp Snizek
philipp.snizek at terreactive.ch
Mon Feb 13 14:54:53 GMT 2006
> >
> True... More and more I find such dumbed down red boxes, doing for $10k
> what can be done for a couple of dozen dollars of commodity (or even
> used) hardware. Even so, the red boxes will occasionally hiccup - or
> completely die on you, requiring tedious reloading of software and
> rules. The sysadmins can't work up the nerve to come up to the PHB and
> tell him that red box his golf buddies told him about is just an
> overpriced and overmarketed piece of ... equipment that provides a
> function that could have been demonstrably better performed at a lower cost.
>
> That's one of my pet peeves. The other one that comes up a lot is the
> fact that most of those same sysadmins will buy these "transparent
> proxy" boxes that come with one or more forms of "antivirus", for
> e-mail/web/etc. - instead of a properly configured box with MailScanner
> + squid + clamav + squidclamav + etc.. These are the same sysadmins that
> call you for help 6 months later when their entire network became a
> botnet after becoming infected with spyware (AV vendor says "it's not a
> virus, so why do I care"), or when they find they can't send email out
> because they've wound up on an RBL because their network is an unwitting
> spam source, or to find where and how the keylogger got installed on the
> PHB's machine, or to see if there's anything we can do to get his
> ebay/bank/email password back after someone stole it because they
> trusted an overpriced "commercial" offering they'd heard of instead of a
> system of tools that are known to work better, faster and more efficiently.
>
> I think I'd better go back to work; I haven't even had my first cup of
> coffee and I'm already ranting... can't imagine what I'll be like around
> noon after my 4th... ;)
I of course agree with both of you. A firewall is a firewall .... a.s.o.
=> no services on it.
But that's not the question.
The question is that I have got an smtpd before a smtpd+sa+ms+av. Of
course the smtpd is protected by a transparent L3/4 packet filter.
Generally, I can't break this setup. Still, I'm looking for a solution:
whether a) mails could be sent transparently through the smtpd to the
antispam gw (transparently = leaves no trace in the email's header), b)
SA can be told that it should ignore the smtpd's received:from header,
c) MailScanner can cut the particular received:from header before mails
get injected into SA or d) ...your idea...
Many people use an smtp proxy to protect their SA box. I want to make
sure that the SA box doesn't learn that the smtp proxy sometimes sends
crap. That's why the received:from header must be ignored, cut,
whatever.
Thanks so far for your answers
Philipp
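
Added example, not part of the original post: a sketch of option (b), where the scanner skips the Received header that names the front-end smtpd as the client and evaluates the first relay outside the trusted set instead (SpamAssassin's `trusted_networks` setting works on this principle). All addresses, hostnames and the sample message are constructed, and the front-end address 10.0.0.5 is an assumption.

```python
import email
import ipaddress
import re

# Assumption: address of the front-end smtpd (constructed, RFC 1918 range).
TRUSTED = [ipaddress.ip_network("10.0.0.5/32")]

# Constructed sample: the gateway's own header is on top, the front-end's below it.
SAMPLE = """\
Received: from frontend.example.net (frontend.example.net [10.0.0.5])
\tby gw.example.net with ESMTP id 2; Mon, 13 Feb 2006 14:54:53 +0000
Received: from mail.sender.example (mail.sender.example [203.0.113.7])
\tby frontend.example.net with ESMTP id 1; Mon, 13 Feb 2006 14:54:52 +0000
Received: from forged.example ([198.51.100.9])
\tby mail.sender.example with SMTP; Mon, 13 Feb 2006 14:54:50 +0000
From: a@sender.example
To: b@example.net
Subject: test

body
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def is_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed address is never trusted
    return any(addr in net for net in TRUSTED)

def first_untrusted_relay(raw_message):
    """Return the IP of the first relay outside TRUSTED, or None."""
    msg = email.message_from_string(raw_message)
    for header in msg.get_all("Received", []):
        # Only the part before ' by ' names the connecting client.
        from_part = re.split(r"\sby\s", header, maxsplit=1)[0]
        match = IP_IN_BRACKETS.search(from_part)
        if match is None:
            return None  # unparseable hop: stop rather than guess
        if not is_trusted(match.group(1)):
            return match.group(1)  # headers below this one are unverified
    return None
```

The walk stops at the first untrusted hop because every header below it was written by hosts outside the operator's control and can be forged.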