> > I want to build a spam appliance... it will run an application which
> > accepts SMTP connections, opens its own connection to a back-end MTA,
> > and acts as an application relay in real time, forwarding the SMTP
> > exchange (not at the packet level) from the incoming connection to
> > the MTA, while possibly making some changes to the data being forwarded.
>
> Just as a random thought...
>
> Is it possible to run this on an IP-less box?  Put it in between the
> MTAs, rdr SMTP to the local box on the internal interface, and work from
> there?

That's actually what I'm doing, though it turns out that if you want
to route traffic to the clients from the bridge itself (which I would)
then you need to put IPs on both bridge interfaces.  Doesn't seem to
matter if they're routable IPs, as long as they're present.

However that doesn't help me work out how to fake the source address
dynamically per connection.  It may not be possible with pf, though
it's more likely possible with pf than any other mechanism.  My guess
is that 90% of the work is already done in pf but some new code may
be needed for that last 10%.  If that's the case though it may be a long
time before I finish this project :-)  (Unless I can find a pf
developer interested in adding new features)

G
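For anyone following along, here is the kind of application-level relay the first quote describes, written as an added example (not code from this thread): a Python 3.8+ asyncio proxy that accepts the client's SMTP session, opens its own session to the back-end MTA and copies the dialogue line by line, tracking the DATA phase so it can insert a trace header into each message. The header name X-Relayed-From, the listen port 2525 and the localhost:25 MTA address are assumptions made up for the example.

```python
import asyncio

class SmtpRelayFilter:
    """Tracks one SMTP dialogue so the relay can edit the message in DATA."""
    def __init__(self, client_addr):
        self.client_addr = client_addr  # placed in the inserted trace header
        self.in_data = False            # client is sending message content
        self.awaiting_354 = False       # DATA sent, MTA has not yet answered
        self.in_headers = False         # still inside the message header block

    def client_line(self, line):
        """Return the bytes to forward to the MTA for one client line."""
        if not self.in_data:
            if line.rstrip(b"\r\n").upper() == b"DATA":
                self.in_data = self.awaiting_354 = self.in_headers = True
            return line
        if line.rstrip(b"\r\n") == b".":             # end of message
            self.in_data = self.in_headers = False
            return line
        if self.in_headers and line.rstrip(b"\r\n") == b"":
            self.in_headers = False                   # header/body separator
            return b"X-Relayed-From: " + self.client_addr.encode() + b"\r\n" + line
        return line

    def server_line(self, line):
        """Watch MTA replies: a refused DATA means no message content follows."""
        if self.awaiting_354:
            self.awaiting_354 = False
            if not line.startswith(b"354"):
                self.in_data = self.in_headers = False
        return line

async def pump(reader, writer, transform):
    while line := await reader.readline():   # copy one direction, line by line
        writer.write(transform(line))
        await writer.drain()
    writer.close()

async def handle_client(client_r, client_w, mta_host, mta_port):
    mta_r, mta_w = await asyncio.open_connection(mta_host, mta_port)
    flt = SmtpRelayFilter(client_w.get_extra_info("peername")[0])
    await asyncio.gather(pump(client_r, mta_w, flt.client_line),
                         pump(mta_r, client_w, flt.server_line))

async def serve(port=2525, mta_host="127.0.0.1", mta_port=25):
    # asyncio.run(serve()) starts the relay (ports are assumed values)
    srv = await asyncio.start_server(
        lambda r, w: handle_client(r, w, mta_host, mta_port), "0.0.0.0", port)
    async with srv:
        await srv.serve_forever()
```

Note the back-end MTA sees the relay's own address as the connecting client, which is exactly the per-connection source address problem the reply above leaves open.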
