Linux Enterprise Mail Server Security Guides – Chapter 2

Now, before doing anything else, we will explain how the different pieces of software work together to provide the required functionality.

First, you should know that we will be using these software (listed in the order an incoming email from internet would follow):

1) Mail Avenger (incoming) – Listening on port 25, public interface. RBL’s are checked now.
2) Mail gets processed through Avenger scripts that will scan for virus, spam, etc.
3) internal Courier-MTA – Standard delivery (aliases, etc).

As you can see, the incoming chain is quite simple. The difficulty will be added in item 2, where we will develop some scripts to use ClamAV Antivirus, SpamAssasin and some home-made FROM/TO ACL tests that will tell Avenger if mail has to be accepted into stage 3.

Now, for outgoing mail, the chain is a bit longer:

1) MUA
2) Internal Courier-MTA
3) Outgoing Mail-Avenger
4) nbSMTP using an external MTA as Smarthost
5) the internet!

You can read that as: “User sends an eMail using his email client, configured to use Courier-MTA as SMTP server. Courier itself is configured to route non-local eMail to a Smarthost which is the Outgoing Mail-Avenger. The Avenger clamscans, spamassassins and ACL checks the eMail and, if it i accepted, forwards it to the nullbrainer’s SMTP client, which itselfs forwards the eMail to an outside MTA, that will end the email to Internet”.

Some people have asked me if this ACL/Virus/Spam content filtering could be implemented in Courier-MTA by using Courier Filters. The answer is “YES”. BUT, my idea is to show that Courier-MTA could be removed from the chain and replaced with, let’s say, an M$ Exchange server. This way, you get a very nice group of software that can be plugged in lots of different configurations, protecting your internal eMail server from Internet, succesfully splitting the MTA in two stages: Border and Internal.

Think about this, and we will continue next week.

Yours,
Buanzo

Artículos relacionados:

Si te gustó este articulo, ¿ Porque no dejas un comentario a continuación y continuas la conversación, o te suscribes a los feeds y recibes los artículos directamente en tu lector?

Comentarios

No comments yet.

Sorry, the comment form is closed at this time.