On 01/11/2010 10:36, Nicholas Sideris wrote:
Hello,
I am in a case, where I need to configure a postfix daemon for acting as an
SMTP server, where some spam-filtering and some anti-virus would run in
parallel in the box. This would be a help, for a local ISP, to control spam
relayed outside from his own network and thus avoiding IPs to get blacklisted,
etc. Now my problem. The users can use the SMTP server directly, thus if they
select mysmtp.mynetwork.com everything is okay.
Now, we do suppose that a few users do have a valid subscription for an SMTP
server, outside our network, say theirsmtp.theirnetwork.com. That foreign
server uses SMTP auth as well. Obviously, redirecting that traffic first to our
proxy, results in complete e-mail delivery failure.
Is there any way to handle this? Preferable methods.
a) Our SMTP proxy, talks with the foreign SMTP and sends the e-mail accordingly.
b) Our SMTP proxy, just forwards the commands, without checking the e-mail for
spam/virus (not very wise, but if there's no other solution, is part of the
foreign server's responsibility to do these checks)
c) Our SMTP proxy, just sends the e-mail directly to the recipient after
checking it, without ever talking to the foreign SMTP server (it can cause
problems with DKIM and SPF domains, but in any case, it may be helpful).
In general, you should not redirect traffic "transparently"...
The "common" approach is to block port 25:
- TCP traffic from one of your IPs to a foreign IP on port 25
- TCP traffic from a foreign IP with source port 25 to one of your IPs
Then your customers can use port 587.
You can allow a few customers to send directly (by whitelisting their IP
from the block-25 rule).
This way, you don't need an smtp proxy.
[snip]
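
The block-25 policy from the reply above, as an added example that is not part of the original thread: a shell function that prints the corresponding iptables rules so they can be reviewed before being applied. The FORWARD chain placement, the 198.51.100.0/24 customer range and the exempt addresses are assumptions (constructed placeholders).

```shell
#!/bin/sh
# Added example (not from the thread): print iptables rules for the
# "block port 25, whitelist a few IPs, customers use 587" policy.
# Assumption: the rules go in FORWARD on the ISP's border router.

CUSTOMER_NET="198.51.100.0/24"          # constructed placeholder range
EXEMPT="198.51.100.10 198.51.100.25"    # constructed: own relay + one customer

block25_rules() {
    [ $# -ge 1 ] || { echo "usage: block25_rules NET [EXEMPT_IP...]" >&2; return 1; }
    # The output is meant to be piped to sh, so refuse any argument that is
    # not made only of digits, dots and an optional /prefix.
    for a in "$@"; do
        case $a in
            ''|*[!0-9./]*) echo "invalid address: $a" >&2; return 1 ;;
        esac
    done
    net=$1; shift
    # Whitelist first: iptables stops at the first matching rule.
    for ip in "$@"; do
        echo "iptables -A FORWARD -p tcp -s $ip ! -d $net --dport 25 -j ACCEPT"
        echo "iptables -A FORWARD -p tcp ! -s $net -d $ip --sport 25 -j ACCEPT"
    done
    # Customer IP to foreign IP, destination port 25.
    echo "iptables -A FORWARD -p tcp -s $net ! -d $net --dport 25 -j REJECT --reject-with tcp-reset"
    # Foreign IP with source port 25 to customer IP.
    echo "iptables -A FORWARD -p tcp ! -s $net -d $net --sport 25 -j DROP"
    # Port 587 (submission) is not matched by any rule printed here.
}

# Dry run: print the rules for review.
block25_rules "$CUSTOMER_NET" $EXEMPT
```

Pipe the output to `sh` as root only after reading it; the generated rules append to whatever FORWARD policy is already in place.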