I'm looking to install a mail server on a Linux box (I haven't decided which mail server I will install yet) with 220 mailboxes that I would like to be accessible by POP3/IMAP. But I have an odd requirement:
I want all external mail to be filtered manually by one user to remove spam. Confidentiality is not a problem.
Now how can I do this?
Can I use different settings on the SMTP server for emails coming from the Internet and emails coming from the intranet?
My idea was to run 2 SMTP servers, one listening for connections on the public IP address, the other one listening for connections on the internal IP. (Actually I would rather do this with only one IP address, but I have no idea if I can...) On the external SMTP server, I would deliver all incoming emails to the specified mailbox for filtering. The problem I have is that when I forward the good emails to the right people, I lose the sender address... How can I forward an email transparently? Is it possible to set the Reply-To address equal to the sender address with a script?
Then on the internal SMTP server, I just want to process all emails normally, delivering to the right mailbox...
Which mail server will allow me to do this?
Is there any simpler solution that I didn't think about?
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
First off, that is absolutely crazy. Why in the world would you want to waste someone's time to do that by hand? The volume of spam is currently growing at up to 20% month over month. July of last year some companies got more spam than in all of 2002 total. This approach does not scale.
I can't think of a good way to separate mail sent from the internal net vs. from the Internet. Using the domain of the sender is no good, because someone outside could spoof sending from your domain and bypass your spam filter. You could use the IP address that the connection originated from, but then you'd have to have some complex filtering in place. The most simple thing would be to run an external SMTP daemon on one IP, and an internal daemon on a different IP. If your mail server is behind a NAT, you could run both servers on the same NIC by using virtual IPs. Your SMTP daemon must support multiple instances running concurrently, though--that means you'll have to configure one instance to deliver to a different mail spool. Again for simplicity, it will probably be much easier to run each daemon on a separate machine.
Your internal server will be very straightforward, nothing different than an ordinary SMTP server. There won't be any configuration besides that to customize it for your domain and make it not accept mail from the outside (make sure it's firewalled from the outside--nothing other than your internal net should be able to connect to it).
The external server will have to be configured to just spool messages and not deliver them. You'll want to configure the machine so that it is NOT considered the final destination host. Basically it will accept mail for your domain, but it will not deliver to the user's mailbox. Then someone will have to manually inspect the mail queue and manually move it over to a different spool directory, where you can force the MTA to deliver the new outbound queue.
Really, the whole setup is overly complicated and predestined to fail. Why can't you just use an automatic filtering tool? It seems like it would save a lot of cost and effort.
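One way to do the release step described above without losing the sender, as an added example (not from the thread and not tied to any particular mail server): the approved message is re-injected into the internal daemon byte for byte with its original envelope sender, so From and Reply-To are untouched and replies go to the real sender. It assumes the external daemon recorded the envelope in `Return-Path` and `X-Original-To` headers, and `LOCAL_DOMAIN` and `INTERNAL_SMTP` are placeholder values.

```python
import smtplib
from email import message_from_bytes
from email.utils import getaddresses, parseaddr

LOCAL_DOMAIN = "example.com"        # assumption: the domain the mailboxes live in
INTERNAL_SMTP = ("192.0.2.10", 25)  # assumption: address of the internal daemon

def release_envelope(raw):
    """Work out (mail_from, rcpt_to) for a held message without altering it."""
    msg = message_from_bytes(raw)
    # Envelope sender as recorded at receipt; "<>" (a bounce) parses to "".
    if msg.get("Return-Path") is not None:
        mail_from = parseaddr(msg["Return-Path"])[1]
    else:
        mail_from = parseaddr(msg.get("From", ""))[1]
    # Prefer the recorded envelope recipient; fall back to To/Cc.
    recorded = msg.get_all("X-Original-To") or (
        msg.get_all("To", []) + msg.get_all("Cc", []))
    rcpt_to = []
    for _name, addr in getaddresses(recorded):
        addr = addr.lower()
        # Only ever release to local mailboxes, so the tool cannot relay outward.
        if addr.endswith("@" + LOCAL_DOMAIN) and addr not in rcpt_to:
            rcpt_to.append(addr)
    return mail_from, rcpt_to

def release(raw):
    """Hand an approved message to the internal daemon, byte for byte."""
    mail_from, rcpt_to = release_envelope(raw)
    if not rcpt_to:
        raise ValueError("no local recipient found; leave it in the hold queue")
    with smtplib.SMTP(*INTERNAL_SMTP) as smtp:
        smtp.sendmail(mail_from, rcpt_to, raw)
    return mail_from, rcpt_to

# Constructed sample of a held message (not taken from the thread).
SAMPLE = (b"Return-Path: <alice@sender.example>\r\n"
          b"X-Original-To: bob@example.com\r\n"
          b"From: Alice <alice@sender.example>\r\n"
          b"To: bob@example.com, carol@other.example\r\n"
          b"Subject: quote request\r\n\r\nHello Bob\r\n")

if __name__ == "__main__":
    print(release_envelope(SAMPLE))
```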
Yes, I know that the idea is odd, but it's the only way my client trusts filtering...
Hopefully the price of labour is not high here.
For the moment they use POP3 accounts (more than 200 mailboxes...) and their main problem is that if you reply to the forwarded mail, it goes to the person filtering the spam, not to the email sender...
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Quote:
Yes, I know that the idea is odd, but it's the only way my client trusts filtering...
?!?!??!?!?!?!
There are commercial products that are very good at filtering, and they even let you review the queue of messages that were stopped so you can release any mistakes. For 200 users, you could spend around $25,000 and get a top of the line product with a 3 year license. It's going to take at least one full-time employee to filter mail by hand for 200 users, and that's assuming they hardly get any mail. I don't know how much labor costs where you are, but $25,000 a year isn't very much for an IT position... It gets worse, though. Next year there is likely to be an exponentially higher amount of spam, since it's increasing month over month. By next year you'll need at least 3 or 4 people to filter the same mail, now $75,000-$100,000 just for one year of filtering...
Quote:
There are commercial products that are very good at filtering, and they even let you review the queue of messages that were stopped so you can release any mistakes.
Do you have any product in mind with the message queue feature?
If I let everything go to the queue, then I have the solution for my problem.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
There are lots of them that have review queues, some that only an administrator can review, some where users can review and edit... Off the top of my head, CipherTrust, Brightmail, Sophos, Postini... There are lots of others too, but those are probably the top 4.
ythevenot, tell your client to pull his head out of his ass. Did I miss something, or are you examining all the mail that is coming in? I work at a place that receives about 3000 mail messages in a week from external addresses. I think we have about 100 mailboxes... maybe more. We block between 500 - 600 a week just by using RBLs and blocking some foreign (Asian) IPs. That catches a lot of spam but not all of it. I have had 2 occasions where someone was unjustly put on an RBL. I was able to whitelist them on my end. If you examine every email then I think you are crippling your email system. Email is considered (whether or not it should be) to be a quick means of transporting info and documents by much of the public. If someone needs something ASAP, then they are screwed under the review system. What happens at night? Does email just sit there? We're not even paying a thing for this. I grabbed an old, unused computer off the shelf, and slapped Slackware on it. The rest is history.