Hi there! Does anyone know about a SMTP proxy and a POP3 proxy? I'm configuring a firewall and I'd like to use proxy for WWW, FTP, SMTP and POP3; so I'm using squid, ftp proxy from SUSE proxy suite and....I can't find anything for SMTP and POP3. Thanks Fiorenza
Hi there! Does anyone know about a SMTP proxy and a POP3 proxy?
I'm configuring a firewall and I'd like to use proxy for WWW, FTP, SMTP and POP3; so I'm using squid, ftp proxy from SUSE proxy suite and....I can't find anything for SMTP and POP3.
Thanks
Fiorenza
Hi, The Firewall Toolkit is certainly an option: http://www.iem.rwth-aachen.de/mirrors/www.fwtk.org/main.html Regards Reto Inversini
Reto Inversini wrote:
Hi there! Does anyone know about a SMTP proxy and a POP3 proxy?
I'm configuring a firewall and I'd like to use proxy for WWW, FTP,
SMTP and
POP3; so I'm using squid, ftp proxy from SUSE proxy suite and....I
can't
find anything for SMTP and POP3.
Thanks
Fiorenza
Remember, the defintion of Proxy is only for HTTP, FTP and GOPHEr, if you need access to other protocol, like POP, SMTP, DNS, etc etc you must have Ip Masq/NAT
-- www.geekcode.com -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GCS/cc/e/it d++ s+:+ a-- C++$ UL+++$ E++ W+++$ w--- O---- M V- PS PE+++ Y+ PGP- t+ 5 X++ R tv+ b++ DI-- D+ G e++$ h! r++ y++ ------END GEEK CODE BLOCK------ - A veces creo que hay vida en otros planetas, y a veces creo que no. En cualquiera de los dos casos, la conclusión es asombrosa (Carl Sagan) -----------------------------------------------------------------
Remember, the defintion of Proxy is only for HTTP, FTP and GOPHEr, if you need access to other protocol, like POP, SMTP, DNS, etc etc you must have Ip Masq/NAT
Bollocks! Show me where you found that info! Bind and every other DNS server on the planet can act as a DNS Forwarder (aka proxy). Gauntlet FW, Tis Firewall Toolkit, Perdition and a number of other firewalls act as POP proxies. In fact the pop proxies often add functionality that the servers they are protecting dont support, Like APOP (Gauntlet and TFWTK), and SSL/TLS (Perdition) and load balancing (Perdition). SMTP on the other hand, is USUALLY not proxied, although again there are some commercial firewalls that do. Gauntlet and TIS "sort of" proxy it. PIX has a protocol "aware" "proxy", which is actually more of an "inspector". Infact it is rare to _need_ an SMTP proxy, as what you usually want is an SMTP blind relay (which is basically a SMTP server that is preconfigured to forward mail). I usually set these up with a combination of Obtuse SMTPD (a very nice, small SMTPD) on the frontend with Postfix/qmail/sendmail doing the work of spitting mail out the other side. The one downside of this is that you cant do AUTH with Obtuse SMTPD. If you need that, then I suggest Postfix due to its simplicity, although Qmail and Sendmail can do it equally well. In any case, if none of these programs existed you can always "proxy" a tcp request with a TCP forwarder of which there are plenty. RINETD is one. I hope that helps somebody.. -- Viel Spaß Peter Nixon - nix@susesecurity.com SuSE Security FAQ Maintainer http://www.susesecurity.com/faq/ "If you think cryptography will solve the problem, then you don't understand cryptography and you don't understand your problem."
On Thu, 16 May 2002 10:17:39 +0200
Fiorenza Meini
Hi there! Does anyone know about a SMTP proxy and a POP3 proxy?
I'm configuring a firewall and I'd like to use proxy for WWW, FTP, SMTP and POP3; so I'm using squid, ftp proxy from SUSE proxy suite and....I can't find anything for SMTP and POP3.
Thanks
Fiorenza
Hi Fiorenza I would take a look at Perdition, however be aware that it is not simply a security proxy, but rather a POP3 proxy that does load balancing, SSL/TLS wraping, LDAP backends etc. I think you will find that the code is pretty tight however, as the author Horms (a friend of mine) is very wary of buffer overflows etc. http://www.vergenet.net/linux/perdition/ -- Viel Spaß Peter Nixon - nix@susesecurity.com SuSE Security FAQ Maintainer http://www.susesecurity.com/faq/ "If you think cryptography will solve the problem, then you don't understand cryptography and you don't understand your problem."
participants (4)
-
Fiorenza Meini
-
Hipolito A. Gonzalez M.
-
Peter Nixon
-
Reto Inversini