On Thu, 2002-04-04 at 10:29, Craig Hughes wrote:
> So, I understand how I can redirect any traffic from X on port 25 to Y.
> But how do I get Y to know the address that X intended to connect to in
> the first place, so it can open the onward connection? I suppose if Y
> was itself the router, then you could introspect the redirection tables
> or something, but is there some nicer way of handling things?
I've not played with this since a 2.0 linux kernel, however on that if
you have the transparent proxy code in place - which *terminates* the
connection (so X thinks its talking to Z but is actually talking to Y -
if you want Z involved you have to set up a new connection from Y to Z
and futzing that to make it look like it comes from X would be *very*
hard without deep router magic). Anyhow on Y, in userspace you get a
normal TCP socket connection. getpeername() will give X's address,
getsockname() gives the original destination address - Z.
Note that the way I described for SMTP hijacking leaves the session into
a different server from the original target, that server then passes on
the message as per normal - the Received: headers in the message will
show the extra hop.
We certainly never tried to disguise what was happening - we took this
approach as the better choice of either blocking all SMTP to systems
other than our service cluster, or redirecting to a relay machine we
controlled. [The service we were running was a free ISP (other than
call charges) - we had no billing or other verifiable information to
prevent multiple signups or otherwise make users responsible for their
actions, so we had to take preventative action or become the biggest
national spam provider - a crown immediately grabbed by the less clueful
(IMNSHO) folks at the previously monopoly telco in the UK]
Nigel.
--
[ Nigel Metheringham [EMAIL PROTECTED] ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
