Re: Transparent email proxy
- From: Paul procacci <pprocacci@xxxxxxxxxxxxx>
- Date: Fri, 13 Jul 2007 03:35:02 -0500
Olivier Nicole wrote:
Hi,The answer to your question is yes. To elaborate a bit more however here is a personal document I wrote (i.e. wasn't intended for anyone else), hopefully it provides you with good enough information and/or the information you were looking for. Mind you, this is BSD and qmail (yes, I'm a fanboy) specific. This assumes you are familiar with the software I decided to use under the components heading. Certainly feel free to ask any questions. I realize the document isn't "production quality" due to the reasons given about, but rest assured I can vouche for this method.
As an ISP, or the person in charge of a large organisation, have you
ever set-up a transparent email redirection: all outgoing email would
be proceeded to an outgoing server in order to check for virus, spam,
whatever.
Best regards,
Olivier
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"
Additionally note, this is obviously not the only method.....just that it's my method. ;P Cheers!
~Paul
----------------------------------------------
I have 5 machines behind a load balancer, one of which is FBSD 4.11, and the other 4 are FBSD 6.2. The component list I used is as follows:
Components
tcpserver
daemontools
qmail w/ QMAILQUEUE patch
qmail-qfilter
spamassassin
*custom c scripts (These are optional; one is provided)
Flow
This is the current flow of any emails that reach the cluster. Note the items listed within *'s are custom programs and explained later in this document:
tcpserver->qmail-smtpd->qmail-qfilter->spamc->*reject_spam*->qmail-queue->qmail-remote
**Note :: reject_spam is included because that is needed for denying emails. (You could rewrite it in perl or sh if you needed to)
Installation
The installation for any new and existing proxy boxes is extremely straightforward.
For all but qmail listed above, use the ports tree.
Setup spamd to create the /tmp/.spamd.sock socket. That's what I call mine, yours can/will vary.
Once all this is installed, create /etc/tcp.smtp with the following entry and build the cdb file:
:+RELAYCLIENT=+QMAILQUEUE=/var/qmail/bin/qmail-queue-spam
Ensure tcpserver uses that file(i.e. -x)
While in /usr/ports/qmail.....
a) upload the attached files (patch-qmail.c and patch-Makefile) into ./files/
b) edit patch-qmail.c to reflect a message you would like to give.
'+ case 20: return "DAnti-SPAM Threshold Reached see http://domain.com/legal_information.aspx";;'
c) type: make extract
d) type: make patch
e) copy the attached file (reject-spam.c) to ./work/qmail*/
f) Now, I haven't included some of my patches here do to sensative information. Therefore, you'll need to edit the Makefile (work/qmail-*/Makefile) to removed any and all references to check_block and reject-record-spam.
g) type: make install
h) copy reject-spam to /var/qmail/bin
i) Copy the attached shell script (qmail-queue-spam) to /var/qmail/bin/; that is going to tie this together.
Please note that it's NECESSARY to use the local software FW to allow relaying. IPFW is a good choice (my preference anyways). Deny everything to port 25, and only allow the hosts you want. I found this to be the easiest.
Then on those hosts, smarthost the "hidden" (not really) machine. --- Makefile.orig Thu Dec 14 16:23:19 2006
+++ Makefile Thu Dec 14 16:25:12 2006
@@ -157,6 +157,37 @@
> binm2
chmod 755 binm2
+check_block: \
+load check_block.o alloc.a error.a stralloc.a substdio.a control.o env.a open.a \
+getln.a fs.a str.a
+ ./load check_block control.o stralloc.a substdio.a alloc.a \
+ error.a env.a str.a open.a getln.a fs.a str.a -L/usr/local/lib/mysql -lmysqlclient
+
+check_block.o: \
+compile check_block.c stralloc.h substdio.h readwrite.h str.h
+ ./compile check_block.c -I/usr/local/include
+
+reject-record-spam: \
+load reject-record-spam.o slurpclose.o alloc.a str.a error.a stralloc.a getln.a \
+substdio.a control.o env.a fs.a
+ ./load reject-record-spam control.o slurpclose.o getln.a stralloc.a substdio.a alloc.a \
+ error.a env.a str.a fs.a open.a -L/usr/local/lib/mysql -lmysqlclient
+
+
+reject-record-spam.o: \
+compile reject-record-spam.c stralloc.h substdio.h readwrite.h getln.h str.h scan.h fmt.h
+ ./compile reject-record-spam.c -I/usr/local/include
+
+reject-spam: \
+load reject-spam.o alloc.a str.a error.a stralloc.a getln.a \
+substdio.a
+ ./load reject-spam getln.a stralloc.a substdio.a str.a alloc.a \
+ error.a
+
+reject-spam.o: \
+compile reject-spam.c stralloc.h substdio.h readwrite.h getln.h str.h
+ ./compile reject-spam.c
+
binm2+df: \
binm2+df.sh conf-qmail
cat binm2+df.sh \
@@ -808,7 +839,7 @@
forward preline condredirect bouncesaying except maildirmake \
maildir2mbox maildirwatch qail elq pinq idedit install-big install \
instcheck home home+df proc proc+df binm1 binm1+df binm2 binm2+df \
-binm3 binm3+df
+binm3 binm3+df check_block reject-record-spam reject-spam
load: \
make-load warn-auto.sh systype
#!/bin/sh
exec /usr/local/bin/qmail-qfilter \
/usr/local/bin/spamc -t 60 -s 250000 -U /tmp/.spamd.sock -- \
/var/qmail/bin/reject-spam
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: Transparent email proxy
- From: Paul procacci
- Re: Transparent email proxy
- References:
- Transparent email proxy
- From: Olivier Nicole
- Transparent email proxy
- Prev by Date: Re: is is able to setting up DNS server reverse lookup with DynamicIP?
- Next by Date: Re: Transparent email proxy
- Previous by thread: Re: Transparent email proxy
- Next by thread: Re: Transparent email proxy
- Index(es):
Relevant Pages
|
|
