[ previous ] [ next ] [ threads ]
 From:  "Soren Vanggaard Jensen" <svanggaard at hotmail dot com>
 To:  m0n0wall at minotaur dot cc, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] NAT question: redirect all outgoing SMTP to or own SMTP-server
 Date:  Fri, 30 Sep 2005 05:22:49 +0000

First of all i do not think, that legal issues in general should be a major 
concern to the m0n0wall developers. Secondly, there's al already "half the 
functionality" since you are able to setup a dns name for a given host at a 
given domain.

In my feature request post i mentioned setup problems related to a couple of 
guests with inapplicable SMTP settings. Actually the challenge for me goes a 
bit deeper....

In my setup, the monowall is a firewall shared by 4 companies residing in 
the same building. Monowall does traffic shaping on the shared internet 
connection and very basic filtering, routing and NAT on 16 IP addresses.  
Each company has their own firewall connected to m0n0wall LAN.

Some of my jobs are:
Sharing bandwidth fairly
Prioritize VoIP
Make sure that we always have the cheapest ISP

If we change ISP there's a basic challenge: How do i minimize SMTP downtime. 
DNAT would be the perfect tool. Also i would estimate that the building has 
15 visitors a month, which needs help in order to reconfigure SMTP settings. 
Even worse- if we change the settings while they are here - half of them 
calls when the have returned home because they need to reenable their old 

Politically... If someone chooses to use our network... they have to accept 
our network at IT policies.

Best regards
Søren Vanggaard Jensen

>From: "Chris Bagnall" <m0n0wall at minotaur dot cc>
>To: <m0n0wall at lists dot m0n0 dot ch>
>Subject: RE: [m0n0wall] NAT question: redirect all outgoing SMTP to or own 
>Date: Thu, 29 Sep 2005 23:46:20 +0100
>There appear to have been quite a few posts about redirecting SMTP traffic
>to one's own mailserver over the last few days. The technical discussion is
>very interesting, but I fear it does raise a pretty serious privacy issue
>when you start redirecting users' traffic to places it wasn't supposed to 
>without them knowing about it.
>There have been plenty of posts by folks wanting to do this, and I'm really
>struggling to understand why at all. Anyone who's sending mail through a
>corporate mailserver is probably using authenticated SMTP, so there's a 
>chance they can be accessed from any internet connection anywhere 
>there'd be all sorts of problems with home workers unable to send mail and
>the like). Many ISPs these days will quite happily accept authenticated 
>on their mailservers, even if they don't officially say it's supported.
>Again, many mailservers will allow a user to relay from anywhere provided
>they've authenticated *somehow*.
>If folks are seriously looking to redirect everything on 25 back to their
>own mailserver, it may be worth checking the legal ramifications of what
>you're doing - especially if you're providing a paid-for service for the
>C.M. Bagnall, Director, Minotaur I.T. Limited
>Tel: (07010) 710715   Mobile: (07811) 332969   Skype: minotaur-uk
>ICQ: 13350579   AIM: MinotaurUK   MSN: msn at minotaur dot cc   Y!: Minotaur_Chris
>This email is made from 100% recycled electrons
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch