Score:1

Email proxy architecture


I'm trying to figure out how email proxies generally work. I want to present the way I see the architecture, and would be glad if anyone could explain which of my assumptions are flawed and what I am missing.

Assume I've purchased an email domain, let's say example.com. Now I want to proxy all emails arriving at my domain, do some computation on them, and then either drop the email or forward it to the destination based on the computation result.

  1. I will change the MX record for example.com to point to my email proxy server, which will be available via some public IP or domain.
  2. Now all emails arrive at my proxy server. I can then write some custom code, analyze the email, and either drop it or decide to forward it.
  3. Now comes the part that is unclear to me: how do I forward the email? Do I just resend it with the same sender and recipients? Then obviously I won't be able to pass authentication on the destination server, as I'm not allowed to send emails from every possible domain.

My understanding is that I should somehow whitelist my proxy by IP or domain on the email destination? To basically allow emails arriving from my proxy to bypass authentication?

So that's what I tried to do:

  • When sending email I need to specify an SMTP server and port. If I'm forwarding email, should this be the sender's SMTP server or the recipient's SMTP server? If yes, how can I skip sender authentication on the destination?

  • As a small POC I tried to just send an unauthenticated email from my personal Gmail to my personal Outlook. I sent an email via smtp.office365.com:587 and whitelisted the IP of the machine I sent the email from on the Outlook side, but it didn't work. It failed with:

could not send email 1: 530 5.7.57 Client not authenticated to send mail. [VI1P194CA0052.EURP194.PROD.OUTLOOK.COM]"

Any help is appreciated. Also, if anyone is familiar with existing solutions that allow injecting custom code for handling, I will be happy to know.

AnFi:
**WHY** do you need an incoming SMTP proxy? E.g. dynamic IP address, slow/unreliable internet link, … Also state the OS you use (many recipes/software are Linux/Unix specific).
Evgeny:
@AnFi Just for the sake of an example, suppose I have developed some custom phishing solution and I want to apply it to my incoming emails. Is there any other solution to make this code run on every incoming email before it arrives in the inbox? Isn't this what proxies are for?
Evgeny:
@AnFi I'm currently developing on macOS, but it doesn't matter; I can use whatever OS is required for my email proxy server.
Score:2

Server side incoming mail anti-spam filtering [milter]

The standard recommendation for incoming mail anti-spam filtering requires filtering within the SMTP session. Messages "classified as spam" are rejected in reply to "the final dot" (end of message transmission) or even earlier. This makes the sender aware in case of a false positive, but it avoids taking over responsibility for sending a bounce message (notification via email).

You may use milter extensions to get such functionality. Milters are supported by Sendmail, Postfix and other SMTP servers.

You can use the MIMEDefang milter to get "a working prototype" fast. MIMEDefang uses a Perl script for filtering, so you may (initially) simply call your program from the Perl script. MIMEDefang is available as a Debian Linux package (which usually means availability on many Linux distributions).

Evgeny:
Got it. Do you maybe have an example of how Postfix should be configured to forward emails to their destination? So as I understand, I can install Postfix in the cloud. I can then set the MX record for my domain to point to that cloud server's IP. Now all emails are arriving at this IP, Postfix will intercept the mail, the milter extension will filter, and then how do I tell Postfix to forward it to the original destination? Am I missing any steps?
AnFi:
Look for configuration recipes for secondary MX forwarding to primary MX - it is a pretty standard/simple configuration. The **recommended**, trickier part is rejecting emails to non-existing users/mailboxes.
AnFi:
BTW, there are milters validating recipients via an SMTP session to the primary MX. They may require tweaking the primary MX configuration because such validations are usually blocked (for spammers).
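
The setup discussed in this thread (a filtering MX that runs a milter inside the SMTP session and relays accepted mail to the real mail server) can be sketched as a Postfix `main.cf`. This is an added example, not a configuration posted by anyone in the thread; `mx.example.com`, `mail.internal.example` and the milter address `inet:127.0.0.1:10997` are placeholders to replace with your own values.

```ini
# /etc/postfix/main.cf on the filtering MX (constructed example).
# example.com is the domain from the question; the host names and the
# milter address below are placeholders, not values from the thread.

myhostname = mx.example.com

# Accept mail for the domain, but never deliver it locally.
mydestination =
relay_domains = example.com

# Next hop for accepted mail: plain server-to-server SMTP on port 25.
# The square brackets disable the MX lookup, which would otherwise
# resolve back to this host and loop.
relay_transport = smtp:[mail.internal.example]:25

# Only relay for relay_domains, so the host is not an open relay.
# reject_unverified_recipient probes the next hop and refuses unknown
# mailboxes during the session instead of accepting and bouncing later.
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unverified_recipient
unverified_recipient_reject_code = 550

# Pass every incoming message to the milter (MIMEDefang or your own)
# before Postfix answers the end-of-DATA "final dot", so a spam verdict
# becomes a 5xx reply to the sending server.
smtpd_milters = inet:127.0.0.1:10997

# Fail closed: if the milter is unreachable, defer mail with a 4xx
# rather than letting it through unfiltered ("accept" would fail open).
milter_default_action = tempfail
```

The destination server has to accept port 25 connections from the filtering MX's IP address, and ideally only from it, so that senders cannot bypass the filter by connecting to the real server directly.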