Mason, Chris, VF UK - Technology (TS) wrote:

Hi,

Hello.

I am trying to set up ClamSMTP in Transparent Proxy mode, but running
into a problem.

This is off-topic... but interesting.

I have got a Client set up to use machine X as my SMTP Proxy which gets
sent through a NetScreen 5 FW which does a destination NAT to change the
IP to Y.Y.Y.Y:10025 (my ClamSMTP machine).

The traffic description seems wrong.

Usually a transparent proxy works on incoming mail, but you are describing outgoing mail, is this correct?

In mail.log I have the following:

Feb  3 16:14:07 snoopy clamsmtpd: 100000: accepted connection from:
192.168.0.2
Feb  3 16:14:07 snoopy clamsmtpd: 100000: couldn't get source address
for transparent proxying: Protocol not available

This is your problem, clamsmtpd is not receiving enough information to set itself as a *fully* transparent proxy (i.e. changing the source address in TCP packets to make them appear as if coming from the original source), so clamsmtpd can only work as a *semi* transparent proxy.


[snip]
Combining the ClamSMTP proxy and SMTP proxy into one is not really an
option for what I am trying to do.

By combining you mean "on one machine"? It works the same with one or two machines, except that you seem to want a DMZ (with clamsmtpd in it and mail server or servers in the protected zone).


Any ideas?

It's not clear if you followed the instructions on clamsmtp's site. The full transparent proxy has only been tested with Linux/FreeBSD machines doing the firewalling. It may work with the NetScreen if it has the ip forwarding functionality; I don't know the NetScreen.


You better ask in clamsmtp's list:

http://sourceforge.net/mailarchive/forum.php?forum=clamsmtp-users

Regards.
--
René Berber
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
