mailscanner behind a smtpd frontend

Philipp Snizek philipp.snizek at terreactive.ch
Mon Feb 13 14:54:53 GMT 2006


> True... More and more I find such dumbed down red boxes, doing for $10k 
> what can be done for a couple of dozen dollars of commodity (or even 
> used) hardware. Even so, the red boxes will occasionally hiccup - or 
> completely die on you, requiring tedious reloading of software and 
> rules. The sysadmins can't work up the nerve to come up to the PHB and 
> tell him that red box his golf buddies told him about is just an 
> overpriced and overmarketed piece of ... equipment that provides a 
> function that could have been demonstrably better performed at a lower cost.
> 
> That's one of my pet peeves. The other one that comes up a lot is the 
> fact that most of those same sysadmins will buy these "transparent 
> proxy" boxes that come with one or more forms of "antivirus", for 
> e-mail/web/etc. - instead of a properly configured box with MailScanner 
> + squid + clamav + squidclamav + etc.. These are the same sysadmins that 
> call you for help 6 months later when their entire network became a 
> botnet after becoming infected with spyware (AV vendor says "it's not a 
> virus, so why do I care"), or when they find they can't send email out 
> because they've wound up on an RBL because their network is an unwitting 
> spam source, or to find where and how the keylogger got installed on the 
> PHB's machine, or to see if there's anything we can do to get his 
> ebay/bank/email password back after someone stole it because they 
> trusted an overpriced "commercial" offering they'd heard of instead of a 
> system of tools that are known to work better, faster and more efficiently.
> 
> I think I'd better go back to work; I haven't even had my first cup of 
> coffee and I'm already ranting... can't imagine what I'll be like around 
> noon after my 4th... ;)

I of course agree with both of you. A firewall is a firewall .... a.s.o.
=> no services on it. 
But that's not the question.
The question is that I have got an smtpd before a smtpd+sa+ms+av. Of
course the smtpd is protected by a transparent L3/4 packet filter.
Generally, I can't break this setup. Still I'm looking for a solution
whether mails a) could be sent transparently through the smtpd to the
antispam gw (transparently = leaves no trace in the email's header), b)
SA can be told that it should ignore the smtpd's received:from header,
c) MailScanner can cut the particular received:from header before mails
get injected into SA or d) ...your idea...

Many people use a smtp proxy to protect their SA box. I want to make
sure that the SA box doesn't learn that the smtp proxy sometimes sends
crap. That's why the received:from header must be ignored, cut,
whatever.

Thanks so far for your answers


Philipp
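
Added example, not part of the original post and not MailScanner or SpamAssassin code: a standalone Python sketch of option (c), dropping the Received header recorded for the frontend smtpd's handover so that the first host outside the frontend becomes the apparent origin. The relay address, host names, sample message and function names are all constructed assumptions.

```python
import email
import ipaddress
import re

# Assumption: address of the frontend smtpd (documentation range, not from the post).
FRONTEND = [ipaddress.ip_network("192.0.2.10/32")]

# Constructed sample. Top Received: stamped by the antispam gateway on handover
# from the frontend. Second Received: stamped by the frontend for the real sender.
SAMPLE = (
    "Received: from frontend.example.net (frontend.example.net [192.0.2.10])\n"
    "\tby antispam.example.net with ESMTP id A1; Mon, 13 Feb 2006 14:50:02 +0000\n"
    "Received: from mail.sender.example (unknown [203.0.113.77])\n"
    "\tby frontend.example.net with SMTP id B2; Mon, 13 Feb 2006 14:50:01 +0000\n"
    "From: someone@sender.example\n"
    "Subject: constructed test message\n"
    "\n"
    "body\n"
)

BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def peer_ip(received):
    """IP of the connecting host from the 'from ...' clause, or None."""
    from_clause = re.split(r"\sby\s", received, maxsplit=1)[0]
    match = BRACKETED_IP.search(from_clause)
    try:
        return ipaddress.ip_address(match.group(1)) if match else None
    except ValueError:
        return None


def strip_frontend_hops(raw):
    """Drop only the leading Received headers whose peer is the frontend.

    Deeper headers are sender-controlled and may be forged, so they stay.
    Returns (cleaned message text, IP of the first host outside the frontend).
    """
    msg = email.message_from_string(raw)
    kept, origin, leading = [], None, True
    for name, value in msg.items():
        if leading and name.lower() == "received":
            ip = peer_ip(value)
            if ip is not None and any(ip in net for net in FRONTEND):
                continue  # hop recorded when our own frontend handed the mail over
            leading, origin = False, ip
        kept.append((name, value))
    for name in msg.keys():
        del msg[name]
    for name, value in kept:
        msg[name] = value
    return msg.as_string(), origin
```

Only headers at the top of the chain are removed, because those are the ones written by hosts under the operator's control; anything below the first outside hop is left untouched.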
