Netgate Discussion Forum

    Proxsmtp (Email capture package like imspector) {$200}

    Expired/Withdrawn Bounties
    • billm

      The biggest issue I see with this software is the requirement for ipfw for transparent mode.  I'm betting it's not worth the asking price to you without that.

      –Bill

      pfSense core developer
      blog - http://www.ucsecurity.com/
      twitter - billmarquette

      • jimp Rebel Alliance Developer Netgate

        Looks like a standard NAT port redirect, doesn't seem like it would require ipfw, though they used it and iptables as an example.

        It probably just needs a NAT rule like:

        LAN  TCP  25 (SMTP)  127.0.0.1 / (ext.: any) 10025

        Sort of like what squid and the FTP proxy do behind the scenes.

        • kapara

          @billm:

          The biggest issue I see with this software is the requirement for ipfw for transparent mode.

          Sorry, but I do not understand what you mean by that.  I don't know what ipfw is and how it relates to this being possible or not.  I will look it up.

          Thanks

          Skype ID:  Marinhd

          • billm

            @jimp:

            Looks like a standard NAT port redirect, doesn't seem like it would require ipfw, though they used it and iptables as an example.

            It probably just needs a NAT rule like:

            LAN  TCP  25 (SMTP)  127.0.0.1 / (ext.: any) 10025

            Sort of like what squid and the FTP proxy do behind the scenes.

            In transparent mode the daemon needs to know where the connection was intended to go to forward it on.  The way it does that on FreeBSD is to use a socket option that as far as I can tell IPFW (which is built into FreeBSD by default) exposes.  PF has an ioctl that daemons can use to access this data - proxsmtp does not use that ioctl, therefore one of three options is a requirement for this bounty.

            1. Transparent mode is not a requirement

            2. IPFW is used somehow - I'm positive there will be conflicts with other stuff using this method

            3. The source code to the daemon will need to be updated to support PF - I've looked at the code, it's pretty simple, but I don't fully understand what needs to be done to implement PF support (and it really needs to be maintained by the author anyway)

            If nobody has snagged this by the hackathon, I will consider spending more time on it then.

            –Bill

            pfSense core developer
            blog - http://www.ucsecurity.com/
            twitter - billmarquette

            • eri--

              It's just a proxy; it is not intended to be run without the routing layer running!
              It behaves the same as spamd AFAIK just happens to provide some services that the poster sees as better ones.

              • kapara

                Some companies I work for have made the request to capture all email traffic passing through the firewall.  This was the only thing I could find that would allow me to capture and archive for further inspection.  Mostly it's to make sure that no one is sending out confidential information.

                Skype ID:  Marinhd

                • jimp Rebel Alliance Developer Netgate

                  @billm:

                  In transparent mode the daemon needs to know where the connection was intended to go to forward it on.  The way it does that on FreeBSD is to use a socket option that as far as I can tell IPFW (which is built into FreeBSD by default) exposes.  PF has an ioctl that daemons can use to access this data - proxsmtp does not use that ioctl, therefore one of three options is a requirement for this bounty.

                  1. Transparent mode is not a requirement

                  2. IPFW is used somehow - I'm positive there will be conflicts with other stuff using this method

                  3. The source code to the daemon will need to be updated to support PF - I've looked at the code, it's pretty simple, but I don't fully understand what needs to be done to implement PF support (and it really needs to be maintained by the author anyway)

                  If nobody has snagged this by the hackathon, I will consider spending more time on it then.

                  –Bill

                  You're quite right about it not being as simple as I'd hoped. I had forgotten that ipfw fwd does not rewrite the destination address, whereas pf's rdr rules do.

                  A quick google search turns up that some people do in fact use ipfw on top of pf to accomplish such things, but that doesn't seem like an ideal solution.

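The point billm and jimp arrive at above, as an added toy model (not code from proxsmtp, pf or ipfw, and not part of the original posts): after a destination-rewriting redirect the accepted socket's local address is the proxy's own listener, so the original mail server can only be recovered from the filter's state table (pf exposes that lookup through the DIOCNATLOOK ioctl on /dev/pf), whereas a forward that leaves the destination intact lets the proxy read it from the socket. The class names, `upstream_for` and the sample addresses are constructed for illustration.

```python
# Added illustration: a toy model, not pf, ipfw or proxsmtp code.
from typing import Callable, Dict, NamedTuple, Optional, Tuple

Endpoint = Tuple[str, int]
PROXY: Endpoint = ("127.0.0.1", 10025)   # listener from the NAT rule in the thread


class Accepted(NamedTuple):
    peer: Endpoint    # what getpeername() would report
    local: Endpoint   # what getsockname() would report


class RdrModel:
    """Destination-rewriting redirect: original target lives only in filter state."""

    def __init__(self) -> None:
        self.states: Dict[Tuple[Endpoint, Endpoint], Endpoint] = {}

    def deliver(self, client: Endpoint, orig_dst: Endpoint) -> Accepted:
        self.states[(client, PROXY)] = orig_dst      # state entry made by the redirect
        return Accepted(peer=client, local=PROXY)    # packet now addressed to the proxy

    def natlook(self, peer: Endpoint, local: Endpoint) -> Optional[Endpoint]:
        # Stand-in for asking the filter for the pre-redirect destination.
        return self.states.get((peer, local))


class FwdModel:
    """Forward without rewrite: the packet keeps its original destination."""

    def deliver(self, client: Endpoint, orig_dst: Endpoint) -> Accepted:
        return Accepted(peer=client, local=orig_dst)


Lookup = Callable[[Endpoint, Endpoint], Optional[Endpoint]]


def upstream_for(conn: Accepted, lookup: Optional[Lookup] = None) -> Endpoint:
    """Pick the server a transparent proxy should relay this connection to."""
    target = lookup(conn.peer, conn.local) if lookup else conn.local
    if target is None:
        raise LookupError("no redirect state for this connection")
    if target == PROXY:
        raise ValueError("target is the proxy's own listener; original destination lost")
    return target


# Constructed sample: one LAN client sending mail to an outside server.
CLIENT: Endpoint = ("192.168.1.50", 49152)
MAIL_SERVER: Endpoint = ("203.0.113.25", 25)
```

A proxy that only reads the socket's local address works in the forward case and fails in the redirect case, which is the gap option 3 in billm's list would close.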
                  • josey

                    Is there any news about this package?
                    I'm interested too.

                    • kapara

                      @josey

                      Best way to show interest and get a response is by adding to the bounty.

                      Thanks,

                      Mark

                      Skype ID:  Marinhd

                      • kapara

                        Please remove bounty

                        Skype ID:  Marinhd
