
[cobalt-users] Using a RaQ-2 as a mail filter/relay/inbound proxy



I have a client that has what might be the most under-utilized RaQ-2 on the planet. It currently runs a DNS server for their domain and reverse (in-addr.arpa) domain. It serves 8 SOA records a day to his ISP's two secondary name servers, and that's all it does, except for a few zone transfers if the DNS information changes (which almost never happens). Global DNS only lists the two secondary name servers at the ISP, so all client queries from the internet go to the ISP, not our RaQ. 

The RaQ-2 sits behind a firewall, and the only traffic it is allowed to get from the Internet right now is on the DNS port (and that port is only open to the source addresses of the two secondary DNS servers at the ISP).  

The firewall also has a very brain-dead mail proxy. I was thinking of turning off the mail proxy and adding another NAT at the firewall and routing inbound traffic to the SMTP port on that new address to a secondary address on the RaQ-2. Then, I'd either set up a mail relay or some kind of spam filter on the RaQ-2 to pre-process the mail and eliminate some of the spam they are getting right now. Here are the requirements:

- The mail relay/filter should be configurable to refuse connections where the domain name on the HELO/EHLO line doesn't resolve to the IP address the connection is originating from. (The current brain-dead proxy on the firewall accepts all connections) 

- The mail relay/filter should be configurable to refuse connections based on DNS blacklists like relays.ordb.org, bl.spamcop.net or one of the lists from mail-abuse.org. (The current brain-dead mail proxy can't use blacklists). 

There are probably more stringent filtering options that I might want later, but these three things would eliminate about 99% of the spam they are getting now. And today, somewhere around 25-30 percent of their inbound e-mail seems to be spam. 

I'm not sure if I want to run a product specifically designed for filtering, or just run a mail relay configured with tighter security. If I want to run a mail relay, I'm not sure if I want to use the Sendmail that's already installed on the RaQ-2 (I think it's version 8.9.xxx), or use a later version of sendmail or possibly a different mail server. Since the SMTP port will be exposed to Internet traffic, I want to use something that is secure and doesn't have a lot of exploitable holes. Sendmail makes me nervous in that area, though I confess that I don't have much recent (within the past 3 years or so) experience with sendmail.

One product I've seen that looks interesting is JSpamFilter (see http://jspamfilter.com). That's a Java-based filtering mail relay. It does the filtering based on the DNS blacklists. I'm not sure about the connection rules for DNS, though. I'm also not sure how easy it would be to install that product on a RaQ-2. Does the RaQ-2 have a Java virtual machine already installed? Or is this something I would have to add in order to use JSpamFilter?

Also, I'm not sure how to set up the secondary IP address on the RaQ-2, and how to start the mailer without also getting the POP and IMAP services (which all seem to come on together when "E-mail server" is turned on from the GUI). I guess I should probably just get in on Telnet and treat this thing like any other Linux box, but the GUI is nice (for the DNS, especially now that I've fixed it to match the requirements of our ISP), and I don't want to totally break the GUI. On the other hand, I don't want someone poking around in the GUI to be able to break what I set up, either. So I might have to make a slight modification to the GUI to eliminate the lines and links that allow the e-mail services to be started, stopped and configured. It looks like eliminating one row of a table on one template will put a stop to that problem (making the e-mail stuff unreachable from the GUI).

I'm looking for comments and advice on this idea.

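The two connection checks listed in the post (the HELO/EHLO name must resolve to the connecting address, and the connecting address must not be on a DNS blacklist), as an added example that is not part of the original message and not code from any product it names. The `resolve` callback, the `example.org`/`example.net` hostnames and the DNS answers are constructed assumptions so the logic runs offline.

```python
import ipaddress

def dnsbl_query_name(client_ip, zone):
    """192.0.2.10 checked against bl.spamcop.net -> 10.2.0.192.bl.spamcop.net"""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check_connection(client_ip, helo_name, zones, resolve):
    """Apply both checks; return ("accept" | "reject" | "defer", reason).
    resolve(name) is caller-supplied (assumption): a list of IPv4 strings,
    [] when the name does not exist, None on a DNS timeout."""
    ip = str(ipaddress.IPv4Address(client_ip))
    # Check 1: the HELO/EHLO name must resolve to the connecting address.
    name = helo_name.strip().rstrip(".").lower()
    if name.startswith("[") and name.endswith("]"):
        helo_ips = [name[1:-1]]          # address literal such as [192.0.2.10]
    else:
        helo_ips = resolve(name)
    if helo_ips is None:
        return ("defer", "DNS failure resolving HELO name")
    if ip not in helo_ips:
        return ("reject", "HELO name %s does not resolve to %s" % (name, ip))
    # Check 2: a listed address answers with an A record inside 127.0.0.0/8.
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        if answer is None:
            return ("defer", "DNS failure querying " + zone)
        if any(a.startswith("127.") for a in answer):
            return ("reject", "%s is listed in %s" % (ip, zone))
    return ("accept", "passed HELO and blacklist checks")

# Constructed DNS data (documentation addresses) standing in for a resolver.
FAKE_DNS = {
    "mail.example.org": ["192.0.2.10"],
    "mail.example.net": ["198.51.100.7"],
    "7.100.51.198.bl.spamcop.net": ["127.0.0.2"],
}
ZONES = ["relays.ordb.org", "bl.spamcop.net"]

def fake_resolve(name):
    return FAKE_DNS.get(name, [])

if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail.example.org"),
                     ("198.51.100.7", "mail.example.net"),
                     ("203.0.113.5", "mail.example.org")]:
        print(ip, helo, check_connection(ip, helo, ZONES, fake_resolve))
```

Legitimate senders behind NAT or with several outbound addresses often announce a HELO name that fails the first check, so logging its rejects before enforcing them shows what would be lost.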