Linux in bridge mode transparent smtp proxy?

Hi All,
If running snort inline in bridge mode
DslRouter---Eth0-Snortinline-eth1 lan  (where eth0 and eth1 have no IP address)
and there is an eth2 with IP address 192.168.1.10, does anyone know of a way to forward all eth0 mail to an SMTP proxy to scan for viruses and then forward it?
And the same from the internal network: also forward it before it is sent out?
benjshAsked:

wesly_chenCommented:
Hi,

(internet)   ----  (snort)  ---- smtp proxy  (MX record)
                                    \__ email server

  I'm not sure what your SMTP proxy can do. But for incoming mail via the SMTP proxy, set your MX record to point to the SMTP proxy and
have the SMTP proxy forward to your email server.

   As for outgoing, if your SMTP proxy can do bi-directional relay (inbound relay to another mail server and outbound send out
directly), then set outgoing mail to forward to the SMTP proxy on your email server.

   If not, then you need another email scanner server to handle outgoing emails (set mail forwarding to it on your email server).

Wesly
0
benjshAuthor Commented:
Hi,
I have:
Router----Eth0(no ip)---Snortinline box-eth1(no ip)---LocalLan-Mailserver
                                                \____eth2----------locallan
eth2 has 192.168.1.10 and the mail server has 192.168.1.11
running in bridge mode:

# take both bridge ports down with no IP address
ifconfig eth0 0.0.0.0 down
ifconfig eth1 0.0.0.0 down
# create the bridge, disable spanning tree and enslave both ports
brctl addbr br0
brctl stp br0 off
brctl addif br0 eth0
brctl addif br0 eth1
# bring the bridge up without an IP address (pure layer-2 bridge)
ifconfig br0 0.0.0.0 up
ifconfig eth0 up
ifconfig eth1 up
# eth2 is the only interface with an address, on the local LAN
ifconfig eth2 192.168.1.10 netmask 255.255.255.0 up
# hand every forwarded packet to snort inline via ip_queue
modprobe ip_queue
iptables -A FORWARD -j QUEUE

Now, is it possible that when eth0 sees SMTP traffic it will "take" it and forward it to the eth2 interface on port 25, parse it and forward it to the local LAN mail server?
And when the local mail server sends outgoing mail on eth1 it will again "take" it and send it out?
And then on eth2, with the IP, I simply run a sendmail with clamav.
The problem is I have a router where they don't allow you to reconfigure it, otherwise it would be simpler.

Is there any software to do this transparent mail proxy?
0
wesly_chenCommented:
1> is it possible that when eth0 sees SMTP traffic it will "take" it and forward it to the eth2 interface on port 25
Yes, iptables can do that port forward for SMTP from eth0 to eth2.

2> when the local mail server sends outgoing mail on eth1 it will again "take" it and send it out?
Yes, iptables can do SMTP port forwarding from eth1 to eth2.

But I'm not very sure the combination will work.

However, if you do one-to-one NAT for the SMTP proxy so it has a mapped WAN IP address, then setting the MX record to the
SMTP proxy's WAN IP will do the trick for question 1>.

> Is there any software to do this transparent mail proxy?
I don't know of one.

One thing: for local/internal users, the emails won't be scanned since they are delivered locally on your LAN mail server.

Wesly
0
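The interception Wesly says iptables can do, spelled out for the bridge topology in this thread, as an added example (not code from either poster). It assumes the rule set from the ebtables/br_netfilter documentation: frames carrying TCP/25 are pulled off the bridge with a BROUTING redirect, then DNATed to the scanning MTA on eth2 (192.168.1.10), while frames sent by that MTA itself are exempted so its onward delivery is not looped back into it; it further assumes the router, the switch and both bridge ports sit on the single 192.168.1.0/24 segment shown in the diagram and that the box's default route goes to the router via eth2.

```shell
#!/bin/sh
# Transparent SMTP interception on a Linux bridge (added example, assumed topology:
# br0 = eth0 (router side) + eth1 (LAN side) with no IP; scanning MTA on eth2).
# Run with --apply to execute the rules; without it they are only printed.
BRIDGE=br0
PROXY_IP=192.168.1.10      # scanning MTA (sendmail + clamav) on eth2
MAIL_SERVER=192.168.1.11   # real LAN mail server the MTA relays inbound mail to
SMTP_PORT=25

smtp_intercept_rules() {
    # 1. Let netfilter see bridged frames (built into the old bridge code,
    #    a separate br_netfilter module on newer kernels).
    echo "modprobe br_netfilter 2>/dev/null || true"
    echo "sysctl -w net.bridge.bridge-nf-call-iptables=1"
    # 2. Frames from the proxy itself must cross the bridge untouched, or the
    #    mail it relays onward would be redirected straight back to it (loop).
    #    This rule must come before the redirect rule.
    echo "ebtables -t broute -A BROUTING -p IPv4 --ip-src $PROXY_IP -j ACCEPT"
    # 3. Pull every other TCP/25 frame off the bridge and hand it to the IP
    #    stack. In the broute table, DROP means "route", i.e. deliver locally.
    echo "ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-dport $SMTP_PORT -j redirect --redirect-target DROP"
    # 4. Rewrite the destination so the local MTA accepts the session; conntrack
    #    reverses the translation on the replies. One rule covers both inbound
    #    (router -> $MAIL_SERVER) and outbound ($MAIL_SERVER -> Internet) mail,
    #    since both directions arrive through the bridge ports.
    echo "iptables -t nat -A PREROUTING -p tcp --dport $SMTP_PORT ! -s $PROXY_IP -j DNAT --to-destination $PROXY_IP:$SMTP_PORT"
}

case "${1:-}" in
    --apply) smtp_intercept_rules | sh -e ;;
    *)       smtp_intercept_rules ;;
esac
```

The MTA on 192.168.1.10 then scans and relays inbound mail to 192.168.1.11 and outbound mail to the real MX over eth2; mail between two local users never crosses the bridge and is not seen, as Wesly notes.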

benjshAuthor Commented:
1> is it possible that when eth0 sees SMTP traffic it will "take" it and forward it to the eth2 interface on port 25
Yes, iptables can do that port forward for SMTP from eth0 to eth2.

2> when the local mail server sends outgoing mail on eth1 it will again "take" it and send it out?
Yes, iptables can do SMTP port forwarding from eth1 to eth2.

Do you know how to set that up so I can test?
0
wesly_chenCommented:
Hi,

   For the bridge mode, I'm not sure how exactly to set up the iptables rules. You may want to check the following URL for reference.
http://www.experts-exchange.com/Networking/Linux_Networking/Q_20888834.html

Wesly
0