anyone try a transparent POP3 Proxy for AV/AS scanning?

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by aweber1nj, Nov 15, 2006.

  1. aweber1nj

    aweber1nj LI Guru Member

    I'm just trying to avoid the major costs associated with another gateway/router upgrade and especially the re-occurring costs for a AV/AS "subscription" like those offered by Checkpoint, Fortinet, etc. I also don't want to start setting-up my own mail servers to handle the incoming email traffic...too much of a bother.

    I figure I can cobble together a linux-based POP3/SMTP (and maybe even IMAP) proxy/filter with some opensource tools (pop3.proxy, SpamAssassin, ClamAV, etc.). But I'm trying to figure out if the RV042 is going to be able to help me make this a "transparent" filter.

    For example, on my SOHO network, I have multiple users connecting to a few different ISP mail servers. Can I get their emails automagically filtered on the way into my LAN by forcing the client-email to connect "through" my proxy? How about without requiring the end-users to re-configure their mail-server information???

    I guess I have to somehow re-route any traffic on those (standard) ports through my "software appliance", and get that appliance to connect out to the mail servers (thus the proxy-part)? But how to force client-PCs to re-route to the appliance, yet still allow the appliance to connect directly to the ISP mail servers?

    Am I making this too tough? This seems to be a worthwhile endeavor, no?

    If anyone has any ideas or wants to setup a mini-project with me to accomplish it, let me know!

    Thanks in advance!
  2. YeOldeStonecat

    YeOldeStonecat Network Guru Member

    I've played with IPCop w/Copfilter add-on...and also played with Endian (been using Endian at home for quite a while).

    They are transparent don't have to reconfigure any workstations to go through them. You use these linux boxes as your router...WAN interface (red) and LAN interface (green).

    The "Copfilter" add-on for IPCop brings along the transparent proxy features of AV and SPAM removal, etc. Endian is built on top of IPCop w/Copfilter..has all those features built in to begin a much more polished package.
  3. aweber1nj

    aweber1nj LI Guru Member

    So you're using a Workstation/Server (some form of x86 PC) as your router? In additon to a RV0xx?

    I know I could actually insert a box between my RV and the rest of my network, but I have always been skeptical of the throughput/overhead.

    I'm trying to get ONLY email protocols to be redirected through the "appliance" so that I can AV-scan and Anti-Spam-scan them.

    Thanks for the feedback. I'll check-out your ideas!


    PS: Did you get an invite for the "Guinness Legacy" private parties in your area??? I'm going to one on Tuesday!
  4. YeOldeStonecat

    YeOldeStonecat Network Guru Member

    No I've been piddling with it at home for a my one and only NAT router. I'm not a fan of double NAT'ing. Unless you have your primary router there for a purpose....I'd replace it with one of these boxes. Build on even modest horsepower...they'll easily run circles around any business grade router you could purchase for under 10 grand. Not to mention a SOHO grade router for a few hundred bucks.

    I used an small form factor Compaq Evo 510, a Pentium 4 2.4 gig with 512 megs, a 20 or 40 gig Seagate 'Cuda drive. On board Intel 10/100 NIC, and a 3COM 905 PCI NIC.

    I've not used it in a production environment with a client...yet. I'm quite close to joined up with Endians reseller program though....the product really interests me. All the UTM (unified threat management) features...they're great. Antivirus/Antispam/Antimalware protection for the entire network...all done at the router level. Easy to deploy OpenVPN server. I wouldn't use it as my only line of defence...I'd still want good antivirus on the workstations and mail server...but it's a great first line of defense. Just look at all the features they have...

    Check out the reseller program, the pre-made units. For resellers...a management console so, from your office, you can constantly monitor all your Endian clients.

    The SMTP proxy...I run it at home with my Small Business Servers Exchange. You don't actually have to open/forward port 25 like on a regular NAT just enable the SMTP proxy..tell it what features you want to flip on...and direct it to your internal mail servers IP..filling in the QFDN for your mail. That being how it works...I bet you could take an Endian box...stick it behind your existing NAT port 25 on your NAT router to the red zone on your Endian box...create a separate IP range for the green zone...adding a second NIC to your mail server in that IP range....thus...incoming mail from the internet would go through that loop to your mail server....getting "washed" by Endian.

    "No" on the Guinness invite. :(
  5. aweber1nj

    aweber1nj LI Guru Member

    Interesting. I've been wondering what a "reasonable" amount of hardware would be to throw at it -- I can read "minimum" all day, but I would like to minimize any discernable lag between my load-balanced DSL (3Mbps) and Cable (8Mbps) and my LAN, and I'm going to upgrade to FiOS in the next month as it's finally available on my street! :biggrin:

    Can Endian or Copfilter handle two "Red" NICs for my two ISPs?

    Really, I've been most concerned that with the off-the-shelf, open-source firewall products, I wouldn't be able to build as secure and fast an "appliance" as a dedicated SOHO device (like the RV042). I trust linux for uptime, etc. I just assumed the amount of overhead a full (or even partial) linux distro would throw into the mix would consume way too much and really, visibly slow-down my Inet traffic.


    PS: If you PM me your email address, I can forward you some stuff to help find a "Guinness Legacy" party near you.
  6. YeOldeStonecat

    YeOldeStonecat Network Guru Member

    According to their FAQs...they support multiple WAN connections..see section 9.

    I have run it on another small form factor box I had, a P3 733 with 320 megs of RAM...honestly she ran just as snappy for me. When I ran IPCop w/Copfilter...I did notice a slight slowdown on that 733 box when I had ad-filter enabled...IPCop ran snappier on the P4 box.

    Endian however...seems to run smoother than IPCop. While you'll see people will talk about " can run a linux router on any old Pentium with minimal RAM"...IMO when you crank up the antivirus, antispam, filtering, etc...that does take a bit more resources. Still...I'm confident in saying even if you grab any entry grade Pentium 3 box with at least 256 megs of'll have a router that will run circles around anything else you have for a router...spare for something like a 10,000 dollar Cisco or Juniper.

    My surfing is noticably snappier on Endian even on the 733 box...than my RV082.
  7. aweber1nj

    aweber1nj LI Guru Member

    What's all the nonsense on the Endian mailing-list about the project being "dead"? Is Endian just going forward with the h/w based appliance and abandoning the community version? If so, I'd probably stick with IPCop/Copfilter -- which looks like it's roughly the same, but probably will maintain support for a while longer.

  8. YeOldeStonecat

    YeOldeStonecat Network Guru Member

    I hadn't heard a thing about that. They just had an updated ISO released early October...makes me think it's not dead.
  9. aweber1nj

    aweber1nj LI Guru Member

    Oh, man. This idea was looking really good, but I might have found a serious roadblock/deal-breaker...

    Can ipcop or Endian handle IPSec VPN pass-thru from clients on GREEN to servers on RED??? This would be an absolute requirement for SOHO work so I can connect to various clients' networks from my laptop.

    I read a note that says ipcop can not -- but almost any $100 off-the-shelf (hardware) router can??? What's up with that??? :confused:

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice