Are there any routers currently available that can do port 25 spoofing for dialup users? That is, when the user attempts to connect to port 25 anywhere, he in fact connects to port 25 on your own SMTP server instead. In case it's not obvious, it's for spam management. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
John R Levine writes:
Are there any routers currently available that can do port 25 spoofing for dialup users? That is, when the user attempts to connect to port 25 anywhere, he in fact connects to port 25 on your own SMTP server instead.
In case it's not obvious, it's for spam management.
It seems simple enough to block all outgoing SMTP to anything but your own server, and to apply such a filter on your dialups. I don't know if the more complex solution you propose is worth it -- the users will quickly learn where they should aim their mail... Perry
It seems simple enough to block all outgoing SMTP to anything but your own server, and to apply such a filter on your dialups. I don't know if the more complex solution you propose is worth it -- the users will quickly learn where they should aim their mail...
Experience suggests that's not true -- users whine very loudly that their mail used to work and it doesn't work any more. Telling them that the config that they copied from a friend down the hall, which bounces the mail off the server of some company where the friend used to work, was bogus in the first place rarely impresses them. That's the point in making it transparent. Also, it's for the benefit of people who use these global roaming setups, so they don't have to reconfigure Eudora every time they get off an airplane. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
On Thu, 19 Feb 1998, Perry E. Metzger wrote:
John R Levine writes:
Are there any routers currently available that can do port 25 spoofing for dialup users? That is, when the user attempts to connect to port 25 anywhere, he in fact connects to port 25 on your own SMTP server instead.
In case it's not obvious, it's for spam management.
It seems simple enough to block all outgoing SMTP to anything but your own server, and to apply such a filter on your dialups. I don't know if the more complex solution you propose is worth it -- the users will
Couldn't this be done with transparent proxy just as some ISP's do it for web proxying/caching? CONFIG_IP_TRANSPARENT_PROXY This enables your Linux firewall to transparently redirect any network traffic originating from the local network and destined for a remote host to a local server, called a "transparent proxy server". This makes the local computers think they are talking to the remote end, while in fact they are connected to the local proxy. Redirection is activated by defining special input firewall rules (using the ipfwadm utility) and/or by doing an appropriate bind() system call. ------------------------------------------------------------------ Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will Network Administrator | be proof-read for $199/message. Florida Digital Turnpike | ______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____
In article <Pine.BSI.3.91.980219115057.13529A-100000@ivan.iecc.com>, John R Levine <johnl@iecc.com> wrote:
Are there any routers currently available that can do port 25 spoofing for dialup users? That is, when the user attempts to connect to port 25 anywhere, he in fact connects to port 25 on your own SMTP server instead.
Cisco? Just setup a routemap with an access list that matches TCP port 25, and sets next-hop to a box that supports `transparent proxying'. Linux does, and AFAIK the *BSD's can do it as well. Some squid users are doing this with port 80 to redirect HTTP traffic through the caching proxy - there's some docs for it on http://squid.nlanr.net/ in the FAQ, read the section about "transparent proxying". However I think that policy routing is still process switched, and as such can use a lot of CPU on the router. Mike. -- Miquel van Smoorenburg | The dyslexic, agnostic, insomniac lay in his bed miquels@cistron.nl | awake all night wondering if there is a doG
At 07:52 PM 2/19/98 +0100, Miquel van Smoorenburg wrote:
However I think that policy routing is still process switched, and as such can use a lot of CPU on the router.
Fast switching supported as of 11.3. http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/n... -Steve
participants (5)
-
John R Levine -
Jon Lewis -
miquels@cistron.nl -
Perry E. Metzger -
Steven L. Johnson