Re: ??: [Exim] Exim as transparent "proxy"?

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: swhite
Data:  
Para: exim-users
Asunto: Re: ??: [Exim] Exim as transparent "proxy"?
On 30 Nov 2001, at 16:51, Sergey Matveychuk wrote:

> I see no troubles to do it. Just direct all SMTP traffic to server you want.
> Needness of special HTTP transparent proxy explains by need to save
> destination IP address of connection. For SMTP destination IP is not
> important.


Not quite - transparency is needed if an SMTP server on a host
with IP address of, say, 10.1.1.1 is to intercept a SMTP session
destined for, say, 123.234.45.6 (**gross.oversimplification.alert**)

> Really it is a bad idea. You have to now all your mailservers if you are a
> system administrator of your company. If you aren't, I guess your company is
> bad organized and everyone acts as he wants.


I wish it were that simple. This isn't a single company but rather
many organisations making use of a common Intranet and a
common connection to the Internet. Each organisation has its own
IT department with various servers, including mailservers, and all of
these are run by each organisation seperately. There is no overall
controlling body. Placing relays at strategic points in the network
and requiring the mailservers to forward their mail to the relays
(smart hosts) has been tried and has worked but bottlenecks have
crept in and we can't keep on upgrading equipment or lines.

In the interests of efficiency and speed of mail deliveries, allowing
direct deliveries based on the DNS entries between the users of the
Intranet is necessary but deliveries to the larger Internet must be
relayed. Transparent operation or a multiple DNS hierarchy with
fake root nameservers are the only solutions I can think of and the
thought of fake root nameservers gives me the willies.

Still, if it can't be done then then I'll either have to do the DNS stuff
or try and get some co-operation and agreement from the various
hundreds of mailhost admins. Herding cats would be easier.


Regards,

- Sean.