Mail Protocols

[ianw1974]

This is more a discussion, than anything else, but nonetheless, is a problem I'm experiencing, and I'm trying to understand the logistics of this.

 

I am being asked, to prepare two machines. One of which is a mail server, the other is if you like a mail filtering system, running a product similar to amavisd-new to strip out viruses, or banned content.

 

Currently, all IMAP/POP3 connections are being made directly to the mail server. I'm now being asked, to set the systems up, so that all the connections are made on the mail filtering system, to then pass to the mail server.

 

Now, I'm thinking this isn't going to work, or is it? Normally POP3/IMAP run on the server that has the mail system, and I'm thinking that if the protocols are running on a different system entirely, it won't know where the mail server is.

 

SMTP isn't a problem, since this can be relayed from the mail filtering system to the mail server itself, so I know this will work OK, or at least should do.

 

Is this normal for POP3/IMAP, or am I being asked something that is impossible? Really appreciate your help on clearing this up, since I'm under the impression it won't work via another system.

[michaelcole]

The only way i have ever seen it is as the first line of defense before it gets to the mail server.

 

They may be thinking that they have old mails and require them to be scanned as well.

 

I have never seen it done the way you are describing you would have to capture all the requests forward them, Download screen then forward to the users..

 

Adds too much time in the interim for the end users, to what i could guess.

 

Also what happens today i download all my mail, Delete mail file on local, Download again then get it all scanned again?

 

http://www.howtoforge.com/linux_spam_filter_mail_gateway

 

The way i would do it, Scan once.. No extra loads.

[ianw1974]

Cool, thanks for the link.

 

I've normally built mail servers with everything on one system. Unfortunately, I've not been able to find any info on how it's supposed to work if all the protocols are running on another system entirely separate from the mail server. And the problem I've got is the mail scanner is on a separate system, and I'm unlikely to be able to change this because it's an existing installation.

 

As I said, smtp is easy, since postfix is on the system, and we just relay to the email server. I feel POP3/IMAP will be a problem, since they would need to know where the email server is, and where the mail is located.

[michaelcole]

I think the only way to really do it for the client is on the SMTP transfer..

 

In the case of POP and IMAP never heard of it and it is not a good method..

 

You are going to have to go back to them and change their ideas..

 

You could do some bouncing of the ports around the office anything for the mail server smtp goes to the other server and the other server talks to the mail server either using a seperate port or using special rules in a shorwall install on the mail server keep the ports but modify where it goes depending on the ip address..

 

so as far as they think and config wise it is all the same just, the servers know differently.