Transparent mail filter distribution

serge · 03-26-2009, 10:48 AM

I have been searching far and wide and could not find a suitable solution.

Does anyone know of a distribution that provides this?

I tried these.
Endian
pfSense
Untangle

None of them seem to do the job.

My current network looks like this
WAN --> router --> LAN containing mail server

The situation I want is as follows
Between the router and the LAN containing the mail server, some sort of transparent firewall distribution that monitors all SMTP traffic and performs mail filtering by adding (for example) "(spam)" to the subject and afterwards have it being sent to the mail server as normal.
Also it should be possible to configure it by adding and removing rules for different levels of spam severity

To me this seems very possible, unfortunately I could not find such a solution.

Thanks a very big lot in advance for all the help!!

archangel_617b · 03-26-2009, 06:09 PM

Quote:

Originally Posted by serge

I have been searching far and wide and could not find a suitable solution.

Does anyone know of a distribution that provides this?

I tried these.
Endian
pfSense
Untangle

None of them seem to do the job.

My current network looks like this
WAN --> router --> LAN containing mail server

The situation I want is as follows
Between the router and the LAN containing the mail server, some sort of transparent firewall distribution that monitors all SMTP traffic and performs mail filtering by adding (for example) "(spam)" to the subject and afterwards have it being sent to the mail server as normal.
Also it should be possible to configure it by adding and removing rules for different levels of spam severity

To me this seems very possible, unfortunately I could not find such a solution.

Thanks a very big lot in advance for all the help!!

It depends on what you want really. If you just want a mail filtering gateway, just push it all through a setup like Postfix+Spamassassin+ClamAV:

http://www.section6.net/wiki/index.p...Amavisd_Clamav

After filtering, the Postfix server can route any remaining good email to your LAN server. This is pretty much how mail filtering appliances work (and this is exactly how Barracudas work, afaik).

- Arch

hjogoo · 03-26-2009, 06:22 PM

I would go for vexim+spamassassin+clamav. Why vexim, much easier to set the spam level.

Quote:

Originally Posted by serge

I have been searching far and wide and could not find a suitable solution.

Does anyone know of a distribution that provides this?

I tried these.
Endian
pfSense
Untangle

None of them seem to do the job.

My current network looks like this
WAN --> router --> LAN containing mail server

The situation I want is as follows
Between the router and the LAN containing the mail server, some sort of transparent firewall distribution that monitors all SMTP traffic and performs mail filtering by adding (for example) "(spam)" to the subject and afterwards have it being sent to the mail server as normal.
Also it should be possible to configure it by adding and removing rules for different levels of spam severity

To me this seems very possible, unfortunately I could not find such a solution.

Thanks a very big lot in advance for all the help!!

serge · 03-27-2009, 03:06 AM

Thanks a lot for the replies!

Quote:

Originally Posted by archangel_617b

It depends on what you want really. If you just want a mail filtering gateway, just push it all through a setup like Postfix+Spamassassin+ClamAV:

After filtering, the Postfix server can route (I do not want a router) any remaining good email to your LAN server. This is pretty much how mail filtering appliances work (and this is exactly how Barracudas work, afaik).

How would I go about that then?

Do I configure a bridged interface assign it an IP in the subnet both interfaces are in?
Should I make sure that filtering takes place only from the 'external' interface through iptables+physdev matching? (it is essential that the solution sits between the router and the lan without any need to change anything else on either WAN or LAN)
Does spamassasin/postfix redirect the traffic to the actual mail server when processed?

serge · 03-30-2009, 05:29 AM

Quote:

Originally Posted by serge

T
How would I go about that then?

Do I configure a bridged interface assign it an IP in the subnet both interfaces are in?
Should I make sure that filtering takes place only from the 'external' interface through iptables+physdev matching? (it is essential that the solution sits between the router and the lan without any need to change anything else on either WAN or LAN)
Does spamassasin/postfix redirect the traffic to the actual mail server when processed?

I think I am starting to get it figured out

I will do the following:

Create a bridged interface.
Let iptables redirect all incoming traffic to port 25 from the external physical interface to the local postfix install.
Let spamassassin process the mail and if it determines it is spam prefix the subject with (SPAM) and perhaps the level of spam (not sure yet)
Set up the current mail server as the relay host.

What remains is, how do I make it easy to configure mails as (not) spam when they are falsely identified?

Thanks a lot so far everyone!!