Re: [fw-wiz] SMTP forwarding question

From: Devdas Bhagat (devdas_at_dvb.homelinux.org)
Date: 09/30/04 

To: firewall-wizards@honor.icsalabs.com
Date: Thu, 30 Sep 2004 23:09:59 +0530

On 29/09/04 15:57 +0200, Attila Nagy wrote:
> Hello,
>
> I have a problem in my mind and I am curious on what do you think about
> the possible solutions.
>
> The problem: there is a network from which all outgoing SMTP connections
> should be handled by the company's mail gateway (virus and spam
> checking, etc) BUT the roaming users must be able to use their
> companies' SMTP server, possibly via SMTP AUTH (with or without
> starttls) and/or POP before SMTP (or any other solutions which work over
> tcp/25).
>
> If I forget about POP before SMTP, do you see any open source (or even
> commercial) solution which could transparently let authenticated SMTP
> sessions through, while redirecting the remaining ones to a local mail
> server?
You want a system that looks something like this:

                |-----> Authenticating SMTP servers (1) ------->|
World <-------->|-----> Inbound MX(es) (2) <--------------------|
                |<----- Outbound MTA(s) (3) <-------------------|

(1) These systems accept mail only on port 25 and/or 587. SMTP AUTH
preferred, SSL authentication might work as well. These are the mail
gateways for everyone, including internal users. These systems have two
possible routes for mail to leave:
a) The inbound MXes.
b) The outbound MTAs.
They cannot send mail anywhere else.

(2) These systems accept mail for the organization, but do not relay for
any other domains. They send the mail on to your mailstore servers.

(3) These systems are your frontend gateways. These are the only ones
allowed to initiate contact with the outside world.

Note that all three of these could be the same box.

Now, if you could draw a diagram of your network scenario, it would be
much more helpful in offering a solution.

Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Relevant Pages

  • Re: If I had a dollar for every Linux box...
    ... >'authenticated SMTP' nowadays. ... then it has *some* advantage over straight SMTP sending. ... Even out of context, ANY authentication is better than NO authentication. ... >inherent problems with it, and the ready availability of many simpler, more ...
    (microsoft.public.mac.office.entourage)
  • Re: If I had a dollar for every Linux box...
    ... >'authenticated SMTP' nowadays. ... then it has *some* advantage over straight SMTP sending. ... Even out of context, ANY authentication is better than NO authentication. ... >inherent problems with it, and the ready availability of many simpler, more ...
    (microsoft.public.mac.office.entourage)
  • RE: POP/SMTP Proxy
    ... IT may cost more but MXTreme units also function very well as SMTP ... Subject: POP/SMTP Proxy ... We use Norton Antivirus for Gateways, and it's saved us on several ... the company Internet connection. ...
    (Security-Basics)
  • Re: Authenticated SMTP
    ... I would think that an MTA as popular as postfix ... Subject: Authenticated SMTP ... To unsubscribe, ...
    (freebsd-questions)
  • RE: Authenticated SMTP
    ... You might want to consider SMTP AUTH, assuming your mail clients support it. ... with sendmail so can't help you with postfix, ... > To this end, I'd like to setup authenticated SMTP, preferably using ...
    (freebsd-questions)