[Mimedefang] Mail Bypassing Mimedefang

Mark Suter suter at zwitterion.humbug.org.au
Thu May 27 04:53:42 EDT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bill,

> Our site is well protected by mimedefang/spamassassin/clamav/file-scan 
> etc, but unfortunately the powers-that-be insist on allowing people to 
> access other external mail servers via socks. The result is that we get 
> all sorts of undesireable email completely bypassing the mail server. Is 
> there any way of linking the socks server with mimedefang? Or is there 
> another product that will do the job?

The other answers not withstanding, traffic leaving the socks server is
readily interceptable.  A simple "transparent proxy" for SMTP (just a
redirect, nothing else is needed) will put a check on outgoing emails.

A quick check of Debian's archives turns up "p3scan":

    $ apt-cache show p3scan | grep -A10 Description
    Description: transparent POP3-proxy with virus- and spam-scanning
     p3scan uses iptables port re-direction to intercept outgoing POP3
     connections. It provides different types of email scanning and is ideal
     for helping to protect your "Other OS" LAN from harm, especially when
     used in conjunction with a firewall and other Internet Proxy servers.
     .
     It is designed to enable scanning of incoming email messages for
     virus's, worms, trojans, spam, and harmfull attachments. Because viewing
     HTML mail can enable a spammer to validate an email address (via Web
     bugs), it can also provide HTML stripping.

Another option (maybe not with your PTB) would be to use dsniff to
capture the cleartext POP3 passwords and write a fetchamil config.

Yours sincerely,

Mark Suter                        Miju Systems http://www.miju.com.au/
Phone: +61 411 262 316            PO Box 176, Corinda Q 4075, Australia
Email: mark.suter at miju.com.au     ABN 48 065 548 496
                                  Fax: +61 7 3278 2343
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Check Keyservers or http://zwitterion.org/keys/

iD8DBQFAtayWRYso2ixx1j0RAvKfAJ9Y+A+YkjoKwUS/R+slnhOdEmBphgCfcXa/
0gE3g2x5tCLk8RO5LjnSOfQ=
=kYWk
-----END PGP SIGNATURE-----



More information about the MIMEDefang mailing list