Re: Application level proxy for POP3/SMTP protocol



I am no iptables expert, but I know that OpenBSD pf can do this kind of
filtering. Knowing the competition between the two groups, it is most
likely possible. You will just write a redirect with DNS enabled on the
ruleset.

Nick

On Thu, 2006-06-01 at 15:36 +0800, zHihaO wrote:
Hi all,

I'm in a sticky situation now because of the filtering of internet
traffic out from China. Our users in China have got a lot of problems
connecting to our servers here to pop their emails and as a result, we
have to get a server up in a datacentre in China and set up ssh port
forwarding on the server in China. Here is the flow:

Chinese users --> China server (high port, e.g. 10000, depending on which
local server they are connecting to) --> ssh tunnel --> local server
(POP3 port)

The users in China will connect to our China server like this:
china.mail.domain.com:50000. Port 50000 is actually an ssh tunnel to our
local servers on port 110 here.

Problem is we do have a huge number of servers and it will be hard to
keep track of the big number of ssh tunnels/ports opened up from China
to our local servers. Do any of you know of any good application level
proxy that will redirect users based on the result of their DNS records?
For example, users connecting to the China server running this proxy
will be redirected based on the IP address returned when the proxy does a
dig on mail.domain.com or mail2.domain.com and redirects them promptly to
port 110 of either mail.domain.com or mail2.domain.com depending on the
dig result being returned.

Any help will be greatly appreciated!

-zhihao