Re: [fw-wiz] SMTP forwarding question

From: Marcus J. Ranum (mjr_at_ranum.com)
Date: 09/30/04

  • Next message: Roberts, Shawn: "RE: [fw-wiz] Pass-through VPN" 
    To: Attila Nagy <bra@fsn.hu>, firewall-wizards@honor.icsalabs.com
Date: Thu, 30 Sep 2004 14:14:48 -0400

    Attila Nagy wrote:
    >The problem: there is a network from which all outgoing SMTP connections should be handled by the company's mail gateway (virus and spam checking, etc) BUT the roaming users must be able to use their companies' SMTP server, possibly via SMTP AUTH (with or without starttls) and/or POP before SMTP (or any other solutions which work over tcp/25).

    First off, that's a stupid policy - fortunately it's not mine so I
    won't say any more about it than what I already have...

    >If I forget about POP before SMTP, do you see any open source (or even commercial) solution which could transparently let authenticated SMTP sessions through, while redirecting the remaining ones to a local mail server?

    This could probably be done with the proxy transparency rules of
    some old-school firewalls, or with redirector rules in a load-balancer.
    You could achieve the same effect by blackhole-routing the targets
    to a subnet with a small box that could effectively man-in-the-middle
    proxy/NAT the traffic to its final destination. At the very least
    you want a good audit trail of what the enemy agents (excuse
    me, "roaming users") inside the enterprise are sending, and to whom.

    mjr.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Roberts, Shawn: "RE: [fw-wiz] Pass-through VPN"