Date: Mon, 16 Jul 2007 15:05:56 +0800
From: "Daniel Marsh"
To: "Olivier Nicole"
Cc: freebsd-questions@freebsd.org
Subject: Re: Transparent email proxy

On 7/16/07, Olivier Nicole wrote:
>
> Hi,
>
> > With the firewall, it is easy to make the use of the outgoing mail
> > hub compulsory. Is there some reason beyond that that you want to do
> > things transparently?
>
> Yes, I should have been a bit more specific. As university department,
> we receive a number of visitors, when they have been in the plane for
> 24 hours, they usually want to check their email: each time we have to
> inform them that they can only send through our mail gateway, and they
> have to temporarily change their setting for the duration of their
> visit, and remember to change back when they left: that is annoying
> (and I am not always around to tell them why they cannot send their
> email).
>
> That is why I am thinking about transparent redirection.
>
> Best regards,
>

We've set up transparent outgoing mail proxying using ASSP, PF and Postfix.
Basically any traffic that has a destination port of 25 on the Internet is
sent through our mail proxy, and onwards to the destination mail servers.

Main reason for this is simplicity. I've never come across anyone using
TLS+SMTP, in most cases I've found that SMTP is accepted as insecure (esp.
over the Internet).

If we were talking intra-company SMTP over the Internet, different story
altogether due to the company needing privacy.
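
A pf.conf fragment for the kind of port-25 redirection described in the message above, as an added example that is not part of the original post or the poster's actual configuration. The interface name, client network, and the proxy's listening address and port are assumptions; the proxy (ASSP in the post) is assumed to run on the firewall host itself.

```conf
# Constructed example: all names and addresses below are placeholders.
int_if     = "em1"             # LAN-facing interface (assumed name)
lan_net    = "192.0.2.0/24"    # visitor/client network (documentation range)
proxy_addr = "127.0.0.1"       # mail proxy listening on the firewall itself (assumed)
proxy_port = "25"              # port the proxy accepts SMTP on (assumed)

# Translation rules must appear before filter rules in pf.conf.
# Any client connection to TCP port 25 on any Internet host is rewritten
# to the local mail proxy, so clients need no configuration change.
rdr on $int_if inet proto tcp from $lan_net to any port smtp \
    -> $proxy_addr port $proxy_port

# Filter rules see the translated destination, so this is the rule that
# admits the redirected connections.
pass in on $int_if inet proto tcp from $lan_net \
    to $proxy_addr port $proxy_port flags S/SA keep state

# Only port 25 is matched. Connections to 587 (submission) and 465 are not
# redirected, so clients that authenticate to their own provider over TLS
# on those ports are not intercepted by this rule set.
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and confirm the redirect is active with `pfctl -s nat`.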