Depends on mailer. For postfix I would say yes, don't know exim etc. so good.
Same thing, easy, examples are included. The docs and config-file all explain the lot
As you are at it, check out amaia, (see sourceforge) you will like it. This one makes admin of spam and virus quarantine easy for admin and user.
Even with postfix you can do a lot. The mechanisms presented here you can use with any mailer daemon providing the same features. Here are some basic examples from one of my setups (postfix, amavis, rbl_filter, body & headerchecks). With this setup our local mailserver rejects the critical spam without the usage of spamd. Be sure you have activated the dns lookup function (this kicks header fakers). Before changing anything make backups of your configs. You can enter rbl_lists - even in the case you don't have an open relay - and all mails from well known spammers go to /dev/null. /etc/postfix/main.cf smtpd_sender_restrictions = hash:/etc/postfix/access, reject_unknown_sender_domain smtpd_client_restrictions = reject_rbl_client relays.ordb.org After that you can implement mime_header_checks and body_checks. /etc/postfix/main.cf: mime_header_checks = regexp:/etc/postfix/mime_header_check body_checks = regexp:/etc/postfix/body_checks /etc/postfix/body_cheacks # sobig rejection # The following statement should all be on one line, # with a space before "reject" # It's two lines due to formatting constraints. /^TVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAA$/ REJECT keep your viruses # Klez rejection # The following statement should all be on one line, # with a space before "reject" # It's two lines due to formatting constraints. /^<iframe src=3Dcid:\S+ height=3D0 width=3D0>/ REJECT No IFRAMEs please /^<FONT>/ REJECT No viruses wanted here /^<IMG>/ REJECT No Images please /etc/postfix/mime_header_checks:#Mime Header Checks #Nimda /^Subject: Make Money Fast/ REJECT Nimda Protection /^To: friend@public.com/ REJECT Nimda Protection #Filetypes /^Content-Type: multipart\/related;.*type=\"multipart\/alternative\";.*boundary=\"====_ABC12 34567890DEF_====\#"*$ / REJECT Blocked File types not allowed #Spammers /^ Body content=\.*(MMailer|K-ML|GoldMine|MAGIC|bomber|expeditor|Brooklyn North|Broadcast|DMailer|Extractor|EMailing List Pro|Group|Fusion|News Breaker|dbMail|Unity|PG-MAILINGLIST PRO|Dynamic| Splio|Sarbacane|sMailing|JMail|Broadc@st|WorkZ).*$ / REJECT Blocked File types not allowed /^Content-Type: application\/octect-stream; name=*\.bat *$/ REJECT Blocked File types not allowed /^Content-Type: audio\/x-wav; name=*\.scr *$/ REJECT Blocked File types not allowed /^Content-Type: audio\/x-midi; name=*\.bat *$/ REJECT Blocked File types not allowed /^Content-Type: application\/octect-stream"; name=*\.bat *$ / REJECT Blocked File types not allowed /^Content-(?:Disposition:\s+attachment;|Type:).*\b(?:file)?name\s*=.*\.(ad[e p]|asd|ba[st]|chm|cmd|com(?=$|")|cpl|crt|dll|eml|exe|hlp|hta|in[fs]|isp |jse?|lnk|md[betw]|ms[cipt]|nws|ocx|ops|pcd|p[ir]f|reg|sc[frt]|sh[bsm]|swf|u rl|vb[esx]?|vxd|ws[cfh])\b/x / REJECT Blocked File types not allowed /filename=\"?(.*)\.(bat|chm|cmd|com|do|exe|hta|jse|rm|scr|pif|vbe|vbs|vxd|xl )\"?$/ REJECT For security reasons we reject attachments of this type /^\s*Content-(Disposition|Type).*name\s*=\s*"?(.+\.(lnk|asd|hlp|ocx|reg|bat| c[ho]m|cmd|exe|dll|vxd|pif|scr|hta|jse?|sh[mbs]|vb[esx]|ws[fh]|wav|mov|wmf|x l))"?\s*$/ REJECT Attachment type not allowed. File "$2" has the unacceptable extension "$3" /^x-mailer: *(CTMailer|MailKing|eMerge|Diffondi|ACE Contact Manager|CyberCreek Avalanche|Achi-Kochi Mail)/ REJECT /^x-mailer: .*(E-mail Magnet|Avalanche|Mailcast|Group Mail|AristotleMail|WorldMerge|Extractor Pro|Floodgate Pro|Emailer Platinum.* InternetMarketing|Ellipse Bulk Emailer|RamoMail|MultiMailer|Advanced Mass Sender)/ REJECT And postfix itself has some basic spam protection since 8.2.You need to activate amavis via /etc/sysconfig/amavis (USE_AMAVIS="yes"). Install any virusscanner, you might want and enter them at /etc/amavisd.conf. Here you have to enter the full path to the virus-scanners. In /etc/postfix/main.cf you must add this line: content_filter = vscan: and in /etc/postfix/master.cf you must add this lines: localhost:10025 inet n - y - - smtpd -o content_filter= vscan unix - n n - 10 pipe user=vscan argv=/usr/sbin/amavis ${sender} ${recipient} If there exists something for exim you will find examples at http://www.debian.org/. It's debians "default" mailer, some use qmail instead. You will get some informations about both on the debian pages with the search function.
Don't think so, guess they use a MTA which does not change any header. You can do a port redirect with iptables on port 25 on your scanning host, redirecting it into a MTA you configure to resend the stuff after scanning.
Hmm, well thinking about this it is rather easy. primary MX is the proxy so that's easy. And mail is used to being relayed (aka proxied) so maybe redirecting outgoing 25 to internal interface ip might just work.
Much easier is to disallow forwarding of connections to port 25 and set internal mailers to use proxy/fw as the standard relay.
First you need a mailer entry in the dns and set the priority of 1st, 2nd ... MX in the dns entries. Then you can configure one smtp as spam- & virus- filter. This "external" mailserver will be setup as smarthost for all the "internal" ones (2nd, 3rd ...). This even works with exchange or any somehow "insecure" mailserver in the internal network. I did this with david sl, exchange 2000 (for exchange you can even get a free or/rbl filter from http://martijnjongen.com/eng/). On the firewall you block incoming traffic to all internal mailservers. Depending on the transfer you might want to add the rates of the mailserver. If it gets too much mails some mails will be rejected with standard config. For postfix there are some basic infos in the /usr/share/doc/packages/postfix folder. Reguards Philippe P.S.: After all changes you made you have to restart postfix and amavis.