F-Secure Internet Gatekeeper for Linux/Administrator’s Guide
35
7.1.1.2
SMTP Proxy
SMTP proxy
SMTP Proxy
(smtp_service)
Click the
On
and
Off
buttons to start or stop the SMTP proxy service.
Proxy port
Proxy Port
(svcport)
Specifies the port number used by the proxy service. The standard port number is 25.
Usually, you need to specify only the port number .To specify the port number, IP address, and
interface name all together, use the following format:
Syntax:
[A.A.A.A%EEE:PPP|A.A.A.A:PPP|%EEE:PPP|PPP]
(PPP:
Port number, A.A.A.A:
Address, EEE: Interface)
Examples:
9025, 1.2.3.4:9025, %eth0:9025, 1.2.3.4%eth0:9025
■
You can specify only one inbound port numbe . To listen for connections on more
than one port, use the REDIRECT setting in the iptables function of Linux.
For example, to listen for connections on both the standard SMTP port (25) and
the submission port (587), set 25 as the inbound port number and use iptables to
redirect port 587 to port 25. In this case, use the following command to setup
iptables:
# iptables –t nat –A PREROUTING –p tcp –dport 587 –j REDIRECT –to-port 25
After specifying the setting, save the iptables configuration:
# /etc/init.d/iptables save
■
Because SSL communications for protocols such as SMTPs (TCP/port number
465) are encrypted, communications cannot be received directly regardless of
whether iptables redirection is enabled or not. If necessary, install F-Secure
Internet Gatekeeper for Linux so that communications are first decrypted by an
SSL proxy, SSL accelerator, or similar. After this, the communications pass
through Internet Gateway.
Available general-purpose SSL proxies include stunnel and stone.
- stunnel
http://www.stunnel.org/
http://www.atmarkit.co.jp/fsecurity/rensai/securitytips/018stunnnel.html
- stone
http://www.gcd.org/sengoku/stone/Welcome.ja.html
http://www.gcd.org/sengoku/stone/
Virus scanning
Do Virus Check
(virus_check)
Enables or disables virus scanning.
We recommend that you enable this setting.
When you enable both virus and spam scanning, the virus scan result is handled first.
Global settings
Global Settings
These settings apply to all connections not specified in the LAN settings.
Virus e-mails may use spoofed (fake) sender and recipient addresses. The recommended
setting for incoming e-mail is to delete or notify the recipient, and for outgoing mail, to delete or
block sending.
Parent server
Parent Server
(parent_server_host / parent_server_port)
Specifies the host name and port number of the destination SMTP server.