[snip]
This is off-topic... but interesting.
Sorry, I thought this list was regarding clamsmtp as well.
Clamsmtp uses clamav, but setting 3rd party software is not really the point of this list, there are many 3rd party packages it would be very difficult to get all the experts in one group.
[snip]
Usually a transparent proxy works on incomming mail, but you are describing outgoing mail, is this correct?
We have a problem at the moment where users are sending out email to mail servers direct on port 25, but we are being added to blacklists (mostly CBL) as a lot of this email is generated from SMTP based email worms. I am assuming by putting this is the way of incoming email then it would be easy to deliver the message as it just looks up the MX of the domain which should be within the current network. As I am using it in the way of outgoing email it will not be able to lookup the proxy which the user was trying to send email through - is this assumption correct based on the idea that a user configures an SMTP proxy to send email through?
You are correct.
In your case you could use clamsmtpd in semi-transparent mode. It doesn't matter which client machine is infected (and sending the emails directly) as long as viruses/trojans are stopped. Probably all you have to do with your setup is disable transparent proxy on clamsmtpd.conf . All non-infected outgoing mail will appear as if coming from the clamsmtpd server.
It should work fine but beware of how you set up for incomming messages; I used clamsmtpd/CommuniGate on the same machine for a while, all virus were catched but the problem is that with semi-transparent mode the mail server sees all incomming messages as coming from itself (127.0.0.1) and CommuniGate becomes an open relay.
BTW there are other packages that may also work, along with clamsmtpd there is proxsmtp (same author), on ClamAV's 3rd party list there is RedWall, snort-inline. Similar to clamsmtp is DspamPD. I haven't tested most of those, just clamsmtpd and dspamd, both as semi-transparent proxies, both work fine except for the open relay problem.
Regards. -- René Berber _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
