Weblog entry #1 for fher98
See all weblog entries made by fher98.
#1
Setting up a mail gateway smtp filter
Posted by fher98 on Tue 11 Sep 2007 at 16:47
Hello everyone,..
I have my main courier mta server working perfectly, now we want to filter outgoing smtp mails from our intranet to the internet. Ive heard that exim4 can do this, yesterday I spent the whole afternoon trying to get exim4 to work as my mail gateway; that is to filter mails from internal account only, and to pass the approved ones to the main MTA.
Can any one help me out, Ive read lots of documentation on the web but cant seem to find something that works with lenny. Thanks
I have my main courier mta server working perfectly, now we want to filter outgoing smtp mails from our intranet to the internet. Ive heard that exim4 can do this, yesterday I spent the whole afternoon trying to get exim4 to work as my mail gateway; that is to filter mails from internal account only, and to pass the approved ones to the main MTA.
Can any one help me out, Ive read lots of documentation on the web but cant seem to find something that works with lenny. Thanks
Comments on this Entry
Exactly what do you want to filter? In theory, you may use any MTA on the market. There are also some SMTP proxies out there, such as those for AV ckecks. I known of one called messagewall, may be / may be not be of your interest.
I usually stick with postfix due to its simplicity.
I usually stick with postfix due to its simplicity.
[ Parent | Reply to this comment ]
Thanks for your reply neofpo,
I need to deny some accounts from reaching the internet, lets say user@domain.com can only email users within the same domain, while user00@domain.com can mail each other in the same domain and can go and send email to any other domain en the internet like yahoo.
So I was thinking of setting up a server in the middle, right between my clients and de MTA, with some kind of filter in the smtp that knows which account can only send domain.com and who can send to the outside.
Im not really looking for spam AV filter,.. but some other kind that can be configured to deny access to some accounts via smtp.
I need to deny some accounts from reaching the internet, lets say user@domain.com can only email users within the same domain, while user00@domain.com can mail each other in the same domain and can go and send email to any other domain en the internet like yahoo.
So I was thinking of setting up a server in the middle, right between my clients and de MTA, with some kind of filter in the smtp that knows which account can only send domain.com and who can send to the outside.
Im not really looking for spam AV filter,.. but some other kind that can be configured to deny access to some accounts via smtp.
[ Parent | Reply to this comment ]
Never heard of such kind of software... I guess you will have to build your own custom SMTP proxy... Should not be hard to to, SMTP is a simple protocol and there are many libraries out there.
[ Parent | Reply to this comment ]
Posted by Anonymous (62.140.xx.xx) on Wed 12 Sep 2007 at 08:43
I've done this in several locations using Exim.
Basically you have to create an ACL that says :
If user is one of these, and target domain is not one of the domains that I am responsible for, then reject the email.
The exim docs explain this quite well.
I usually set these things up as virtual users held in MySQL and give them flags specifying whether they can send (and separately whether they can receive) external email.
For those that are wondering why on earth you would want this: it works great in offices with temps or where the owner/manager can be a little bit dictatorial.
Have fun.
Basically you have to create an ACL that says :
If user is one of these, and target domain is not one of the domains that I am responsible for, then reject the email.
The exim docs explain this quite well.
I usually set these things up as virtual users held in MySQL and give them flags specifying whether they can send (and separately whether they can receive) external email.
For those that are wondering why on earth you would want this: it works great in offices with temps or where the owner/manager can be a little bit dictatorial.
Have fun.
[ Parent | Reply to this comment ]
Yeap dictator!!
I see,.. thanks Ill look into it,.. I know exims documentation is quite extensive.
I see,.. thanks Ill look into it,.. I know exims documentation is quite extensive.
[ Parent | Reply to this comment ]
Posted by Anonymous (62.140.xx.xx) on Thu 13 Sep 2007 at 11:21
I forgot to say that this only works if you force them to log in to send mail.
(I sometimes forget all the assumptions that I make: sorry!)
(I sometimes forget all the assumptions that I make: sorry!)
[ Parent | Reply to this comment ]