I have considered using a proxy directly back to our smarthost, but I am
attracted to the idea that the machine does not have any users and that
the internal smtp server is not talking to the world. This is a degree
of Security By Obscurity (bad, bad...) but it is also a level of
insulation. My goal is to find a minimalist implementation similar to
smap to lessen the likelihood of holes. I have been digging through
qmail and so far it seems the best answer in my book. I'm still working
out the details in the design, so I'll know more when I get there.
Chris
>-----Original Message-----
>From: Stout, Bill [SMTP:bill . stout @ hidata . com]
>Sent: Wednesday, December 18, 1996 10:15 AM
>To: Firewalls Mailing list; Chris Pugrud
>Subject: RE: SMTPD gateway
>
>You might want to examine what Raptor NT software does. It
>does not act as a SMTP/SMAP server, but it has a SMTP proxy.
>
>What it does is filter SMTP commands destined for internal mail
>exchange hosts. You might want to build or grep the net for a
>proxy that does the same.
>
>A side benefit is since the firewall does not process SMTP mail
>but only filters the SMTP command set to an internal host,
>the firewall does less work and runs faster.
>
>Bill Stout
>
>>----------
>>From: Chris Pugrud[SMTP:ChrisP @ steldyn . com]
>>Sent: Tuesday, December 17, 1996 7:47 PM
>>To: Firewalls Mailing list
>>Subject: SMTPD gateway
>>
>>I'm working on yet another firewall for my network here and NT just
>>can't do what the new setup dictates. The critical piece that I am
>>missing is a smtpd agent. All it needs to do is receive smtp and
>>forward either based on DNS or a local configuration file. The target
>>machine is Linux, although it may fall back to NetBSD. I would prefer
>>not to use smap because of the licensing (consultant installation)
>>restrictions. If all else fails I will probably fall back on smap.
>>
>>Help appreciated, flames are not.
>>
>>Chris
>>
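
The command filtering described in the quoted reply above, sketched as an added example; it is not part of the original thread and is not Raptor's or any other product's code. The allowlist, the class and function names, and the sample session are assumptions made for illustration.

```python
# Added illustration: command allowlist for an SMTP filtering proxy.
# ALLOWED, MAX_LINE and SmtpCommandFilter are hypothetical names.
ALLOWED = {"HELO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}
MAX_LINE = 512  # RFC 821 command line limit, CRLF included


class SmtpCommandFilter:
    """Decides, line by line, what a client may send to the internal host."""

    def __init__(self):
        self.in_data = False  # True while the message body is being relayed

    def data_accepted(self):
        """Call when the internal server answers DATA with 354."""
        self.in_data = True

    def check(self, line: bytes):
        """Return (forward, reply): forward the line, or send reply to client."""
        if self.in_data:
            # Body lines pass through untouched; a lone dot ends the body.
            if line in (b".\r\n", b".\n"):
                self.in_data = False
            return True, None
        if len(line) > MAX_LINE:
            return False, b"500 Line too long\r\n"
        if not line.endswith(b"\n") or b"\x00" in line:
            return False, b"500 Syntax error\r\n"
        verb = line.split(None, 1)[0].upper() if line.strip() else b""
        if verb.decode("ascii", "replace") not in ALLOWED:
            # VRFY, EXPN, DEBUG, WIZ, TURN ... never reach the internal host.
            return False, b"502 Command not implemented\r\n"
        return True, None


def run_session(lines):
    """Feed constructed client lines through the filter; simulate 354 after DATA."""
    f, out = SmtpCommandFilter(), []
    for line in lines:
        forward, reply = f.check(line)
        out.append("FORWARD" if forward else reply.decode().strip())
        if forward and not f.in_data and line.upper().startswith(b"DATA"):
            f.data_accepted()
    return out
```

In a real proxy `check()` would sit between the client socket and the connection to the internal mail host, with `data_accepted()` driven by the server's actual 354 reply rather than simulated.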