In this guide we will set up a mail proxy and spam checker that runs transparently. It will run on the Ubuntu UTM server that we have been building; check out Part 1 and Part 2 as well.
So let’s get started.
Install the packages we need for all of this to work:
sudo apt-get install exim4 sa-exim spamassassin
Now we need to configure exim to use Google as a smarthost:
sudo dpkg-reconfigure exim4-config
Choose “Mail sent by smarthost…
Set system mail name to whatever fits for you
On the screen for “IP address or host name of outgoing smarthost” enter
Now we need to give exim the username and password it will use to relay through Google:
sudo nano /etc/exim4/passwd.client
Add these lines to the end of the file:
smtp.gmail.com:firstname.lastname@example.org:PaSsWoRd
gmail-smtp.l.google.com:email@example.com:PaSsWoRd
*.google.com:firstname.lastname@example.org:PaSsWoRd
Now we need to configure the iptables rules so that traffic passing through our bridged UTM server is redirected and flows through p3scan. This is accomplished by adding the following rules.
sudo iptables -t nat -A PREROUTING -i br0 -p tcp -m tcp --dport 25 -j REDIRECT --to-port 8110
sudo iptables -t nat -A PREROUTING -i br0 -p tcp -m tcp --dport 110 -j REDIRECT --to-port 8110
sudo iptables -t nat -A PREROUTING -i br0 -p tcp -m tcp --dport 143 -j REDIRECT --to-port 8110
Now we should have a working mail proxy and spam checker as email flows start passing through the UTM. This will only work with SMTP (tcp/25), POP3 (tcp/110) and IMAP (tcp/143). This setup will not work with any web-based email. You can verify that email is getting redirected through the proxy using the following command.
sudo iptables -L -v -n -t nat
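The same verification can be scripted so that a missing rule is reported by port instead of being read off the table by eye. This is an added example, not part of the original guide: the function name `missing_redirects` and the sample rule dump are constructed for illustration, and the function expects the rule-spec output of `iptables -t nat -S PREROUTING`, which prints the target option as `--to-ports`.

```shell
#!/bin/sh
# Added example: check a dump of the nat PREROUTING chain for the three
# REDIRECT rules from this guide. Interface and ports are the guide's values.

IFACE=br0
PROXY_PORT=8110
MAIL_PORTS="25 110 143"

# Reads `iptables -t nat -S PREROUTING` output on stdin and prints, on one
# line, every mail port that has no REDIRECT rule to $PROXY_PORT on $IFACE.
# Prints an empty line when all three rules are present.
missing_redirects() {
    rules=$(cat)
    missing=""
    for port in $MAIL_PORTS; do
        # The trailing space after the port keeps 110 from matching 1100,
        # and "( |$)" keeps 8110 from matching 81100.
        if ! printf '%s\n' "$rules" | grep -Eq -- \
            "^-A PREROUTING .*-i $IFACE .*--dport $port .*-j REDIRECT --to-ports? $PROXY_PORT( |\$)"; then
            missing="$missing $port"
        fi
    done
    printf '%s\n' "${missing# }"
}

# Constructed sample: the IMAP (143) rule was never added.
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -i br0 -p tcp -m tcp --dport 25 -j REDIRECT --to-ports 8110
-A PREROUTING -i br0 -p tcp -m tcp --dport 110 -j REDIRECT --to-ports 8110'

check_sample() {
    printf '%s\n' "$SAMPLE_RULES" | missing_redirects
}

# Against the live table (as root):
#   iptables -t nat -S PREROUTING | missing_redirects
echo "Ports not redirected in sample: $(check_sample)"
```

A port listed here means that protocol is crossing the bridge without passing through the proxy, so mail on it is not being scanned.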
And there you go. If you have any questions please let me know.