Re: clamav and snat
From: Ion-Mihai Tetcu (itetcu_at_people.tecnik93.com)
Date: 02/19/05
- Previous message: Sten Daniel Sørsdal: "Postfix+Courier-Imap with MySQL."
- In reply to: vaida bogdan: "clamav and snat"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sat, 19 Feb 2005 01:53:56 +0200
To: vaida bogdan <vaida.bogdan@gmail.com>

On Fri, 18 Feb 2005 18:19:39 +0200
vaida bogdan <vaida.bogdan@gmail.com> wrote:
> Hi, I use postfix+mailscanner on my mail server to block a lot of
> virii coming from my internal network. I would like to implement a
> solution to block virii traffic on the internal gateway. The network
> looks like this:
>
> WIN-
> WIN- ----GW1----- -----MAIL SERVER----- -----GW2----
> WIN-
>
> GW1 does snat:
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
> SNAT all -- intip/24 anywhere to:extip
>
> One (or more) WIN is infected but I don't know which of the 30
> computers on the network. I receive virused attachments on the MAIL
> SERVER from the GW1's ip. WIN are on the internal network.
>
> An idea would be to extract mail traffic passing through GW1 in mbox
> format and scan it with clamav (but it would still have the snatted
> ext ip). I'm looking for better ideas/implementations. Also, please
> tell me which tool should I use to sniff mail on GW1 or if there is a
> better solution.
I'm not familiar with the snat you're using but couldn't you:
redirect GW1_intip:25 to loopback:25 before NATing
put a transparent smtp proxy to listen on loopback:25 and relay on MAILSERVER
tail -f /path/to/proxy_log
smtp proxy could be mail/dspampd or security/clamsmtp
--
IOnut
Unregistered ;) FreeBSD "user"
_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
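
A proxy placed in front of the SNAT step accepts each connection with the workstation's internal address still intact, so its log can name the infected host. The following added example (not part of the original message) tallies virus verdicts per client IP from such a log; the clamsmtpd-style line format and every sample line are assumptions constructed for illustration, so adjust the two patterns to your proxy's real output.

```python
import re
from collections import defaultdict

# Constructed sample lines in an ASSUMED clamsmtpd-style syslog format:
#   "<session id>: accepted connection from: <ip>"
#   "<session id>: from=..., to=..., status=CLEAN | VIRUS:<signature>"
# Addresses are RFC 1918 / example.com placeholders, signatures are made up.
SAMPLE_LOG = """\
Feb 19 01:10:02 gw1 clamsmtpd: 100001: accepted connection from: 192.168.1.17
Feb 19 01:10:02 gw1 clamsmtpd: 100002: accepted connection from: 192.168.1.23
Feb 19 01:10:03 gw1 clamsmtpd: 100001: from=a@example.com, to=b@example.com, status=VIRUS:Worm.Constructed.A
Feb 19 01:10:04 gw1 clamsmtpd: 100002: from=c@example.com, to=d@example.com, status=CLEAN
Feb 19 01:10:09 gw1 clamsmtpd: 100003: accepted connection from: 192.168.1.17
Feb 19 01:10:10 gw1 clamsmtpd: 100003: from=a@example.com, to=e@example.com, status=VIRUS:Worm.Constructed.A
Feb 19 01:10:11 gw1 clamsmtpd: 100004: from=x@example.com, to=y@example.com, status=VIRUS:Worm.Constructed.B
"""

CONNECT = re.compile(r"clamsmtpd: (\w+): accepted connection from: (\S+)")
VERDICT = re.compile(r"clamsmtpd: (\w+): from=.*status=VIRUS:(\S+)")


def infected_clients(lines):
    """Return {client_ip: {signature: count}} for sessions flagged as VIRUS."""
    session_ip = {}  # session id -> client IP recorded at connect time
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = CONNECT.search(line)
        if m:
            session_ip[m.group(1)] = m.group(2)
            continue
        m = VERDICT.search(line)
        if m:
            # A verdict whose connect line was never seen (rotated log,
            # restarted proxy) is kept under "unknown" rather than dropped.
            ip = session_ip.get(m.group(1), "unknown")
            hits[ip][m.group(2)] += 1
    return {ip: dict(sigs) for ip, sigs in hits.items()}


if __name__ == "__main__":
    for ip, sigs in sorted(infected_clients(SAMPLE_LOG.splitlines()).items()):
        print(ip, sigs)
```
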