Re: Q about mail proxy servers and setups

> -----Original Message-----
> From: David B Funk [mailto:dbfunkengineering.uiowa.edu] 
> Sent: Monday, September 24, 2007 12:07 AM
> To: Michael Scheidell
> Cc: usersspamassassin.apache.org; Amavis-Users
> Subject: RE: Q about mail proxy servers and setups
> 
> 
> On Sun, 23 Sep 2007, Michael Scheidell wrote:
> 
> > For the purposes of this discussion, the biggest
reason I 
> can't be on 
> > the edge where Id like to be is that there is a
massive proxy/load 
> > balancer/failover device that does more than
email.
> >
> > Many firewalls 'proxy' the email also, so its not
like you 
> can take it 
> > out.
> 
> Is there any chance you can talk them into running a 
> -transparent- SMTP proxy rather than a SMTP relay? It
acts 
> more like an ISO layer 2 bridge (but specific to SMTP 
> traffic) so not to disturb the contents.
> 

As you might suspect, one of the IT people at this company
who has been
there 20 years wrote the thing.

I tried.  That was my first suggestion.  That would fix
graylisting
(which I don't do), fix SPF an SPF HELO, and SENDER ID,
blacklisting,
tarpitting, etc.

MIGHT fix p0f, but don't know.

I am going to write up a whitepaper on why NOT to put an
anti-spam/MTA
behind a proxy, cite all relevant, good suggestions and send
it to them.

____________________________________________________________
_____________
This email has been scanned and certified safe by
SpammerTrap(tm). 
For Information please see http://www.spammertrap.com

____________________________________________________________
_____________

------------------------------------------------------------
-------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/

Michael,

> I tried.  That was my first suggestion.  That would fix
graylisting
> (which I don't do), fix SPF an SPF HELO, and SENDER ID,
blacklisting,
> tarpitting, etc.

SPF, sid, blacklisting etc. work just fine on an internal
host as long
as the proxy is preserving the information about the client
connection
in a Received header field, and
(trusted/internal/msa)_networks
is configured correctly.

> MIGHT fix p0f, but don't know.

The p0f itself MUST see the original raw TCP session in
order
to be able to analyze it. This means that p0f needs to be on
the
first-contact machine where TCP session is terminated (e.g.
on a
mail proxy). As a clumsy workaround, the mail proxy could
capture
a tcpdump of the start of a session (first few packets) and
pass
it to a remote p0f for analysis, but this is even more
cumbersome.
Or perhaps a L2 port mirroring could be used as another
clumsy
workaround.

As long as the p0f daemon itself can be located on a mail
proxy host,
the actual mail content filtering (e.g.
MTA+amavisd+SpamAssassin)
may be running on a different host, it just needs to be able
to
obtain information from the p0f daemon from the external
host.
Either through a p0f-analyzer.pl running along with p0f on
an
external host (this is simplest), or perhaps by feeding the
streaming output of 'p0f -l' to the internal host.

  Mark

------------------------------------------------------------
-------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/