Filter outbound SMTP from ISP
Steve Freegard
steve.freegard at fsl.com
Tue Aug 12 19:46:43 IST 2008
Paulo Roncon wrote:
> Helo all,
>
> I'm wondering if there's a way to filter ALL Outbound SMTP in a ISP before it goes to their destination MTA?
>
> I have a working mailscanner server that filters from:ALL to my domain. This is simple to achieve.
> What i'm aiming at is: Filter all SMTP traffic from my ISP networks between its origins and its destination.
>
> Is there a way to say to my MTA to accept all SMTP traffic that goes to him, filter the mails, and send them on their way?
>
> Can this be done?
Not really sure that I follow what you are trying to achieve.
You seem to be indicating that you want some sort of transparent proxy
that scans messages for all your users regardless of whether or not they
use your outbound MTAs??
> Ideias?
Well if my previous statement was correct; then the only way you could
achieve that would be to redirect all port 25 traffic on your routers to
a cluster of scanning MTAs that allow your entire IP space to relay.
That way any outbound connections on port 25 regardless of their
destination would hit your outbound MTA pool for scanning prior to
queueing to the next hop.
I wouldn't have thought this was the best idea though; you'd be better
off implementing a block on port 25 outbound to anywhere except your own
smart hosts and put something in place allow individual users to lift
the block for their own static IP addresses as many other ISPs have
done. That way you don't have to scan torrents of junk from botted
machines and try and decide what to do with it - they simply go to
/dev/null.
Regards,
Steve.
More information about the MailScanner
mailing list