 From:  yamahito <yamahito at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] NAT question: redirect all outgoing SMTP to or own SMTP-server
 Date:  Fri, 30 Sep 2005 15:47:24 +0100
> There appear to have been quite a few posts about redirecting SMTP traffic
> to one's own mailserver over the last few days. The technical discussion is
> very interesting, but I fear it does raise a pretty serious privacy issue
> when you start redirecting users' traffic to places it wasn't supposed to go
> without them knowing about it.

Are you serious?  We're talking about straight SMTP, right?  In which
case it's completely open anyway, no security - so we're not
compromising there.  It will still have all the same headers in the
email, with this single exception, so we're not compromising the
information in the email.  The privacy issue is totally irrelevant. 
In terms of choice, the choice of how a network is configured must
always lie with the administration for that network, not the users.

> There have been plenty of posts by folks wanting to do this, and I'm really
> struggling to understand why at all. Anyone who's sending mail through a
> corporate mailserver is probably using authenticated SMTP, so there's a good
> chance they can be accessed from any internet connection anywhere (otherwise
> there'd be all sorts of problems with home workers unable to send mail and
> the like). Many ISPs these days will quite happily accept authenticated SMTP
> on their mailservers, even if they don't officially say it's supported.
> Again, many mailservers will allow a user to relay from anywhere provided
> they've authenticated *somehow*.

It's not always a question of where the business' mailserver will
accept from (although I also think that you're being far too generous
to most corporate mail providers, from the delegate's machines I've
seen - I don't think I've seen one using authenticated SMTP), it is
more a question of networks where outgoing SMTP is blocked to start
with.  And there are very good reasons to do that, especially on a
network where computers you have no ability to administer will be
allowed on your network.