[Mimedefang] SMTP AUTH password can be used in Mimedefang?
sosogh at 126.com
Mon Nov 24 05:45:36 EST 2008
user at backend.com
outside world -----------> backend server
I assume that:
1.user at backend.com is mail address in backend server
2.IP of backend server is 188.8.131.52
3.MX record of backend.com points to 184.108.40.206
The backend mail server holds three service:
1.SMTP service(serve for outbound mails)
2.MX service(serve for inbound mails)
My users's outlook recognizes that POP3 server and SMTP server are both 220.127.116.11
Outside world recognizes that mail server of domian backend.com is 18.104.22.168
Now I want to set a "transparent anti-spam proxy " for backend server
I can change IP of backend server,
and I donot want to deploy these three service in separate server
>You could configure the backend server to accept mail from the mail only proxy,
> that way anybody not honoring your MX records is lost.
If I do so , any SMTP connnection from users's outlook will be blocked by backend server.
>That's easily prevented, either by configuring the backend server
>itself to reject unauthenticated connections from IP addresses
>that do not belong to your own organization or by blocking
>access to the SMTP port of the backend server from the outside
>on your firewall.
My user's outlook must access to backend server,but their IP are dynamic
So I have to set a "proxy",I set proxy server in a "bridge" mode,make it transparent.
the network is as follow:
eth0 eth1 eth0
outside-----------> proxy ----------> backend
I have to redirect any "SMTP to 22.214.171.124:25" to 126.96.36.199:25 using this cmd on proxy server :
/sbin/iptables -t nat -A PREROUTING -p tcp -d 188.8.131.52 --dport 25 -j DNAT --to-destination 184.108.40.206
>Why would it need to do that? In other words: what relevance does
>the SMTP authentication have for the operation of your anti-spam
Both these connections:
1.from outside world to 220.127.116.11:25
2.from user's outlook to 18.104.22.168:25
are DNAT to 22.214.171.124:25,
so "proxy server" should verify SMTP authentication
>How do you authentificate your users, with sendmail or postfix?
Postfix . Because I set this "proxy server" with postfix and mimedefang
postfix verify valid recipients like this:
postfix call mimedefang , mimedefang call the function "md_check_against_smtp_server"
my($recip, $sender, $ip, $host, $first, $helo,
$rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;
return md_check_against_smtp_server($sender, $recip,"filter.domain.tld","126.96.36.199");
More information about the MIMEDefang