"The basic outline of the system consists of using Bash
scripts, metamail, grep, the Obtuse Systems' smtpd product, Samba
and a command-line virus scanner. A flowchart-style diagram can be
found in Figure 1. The Obtuse Systems' SMTP store and forward
package is freely available at www.obtuse.com/smtpd.html. The
current version as of this writing is version 2.0. The virus
scanner I chose was McAfee Virus Scan for UNIX/Linux, but there are
quite a few others to choose from. Some are free and some are not.
Do make sure you choose one that sets exit status codes based on
what it finds and that is well supported with frequent signature
updates.
The system can be set up on an existing Linux firewall or a
separate machine, if you do not already have a Linux firewall in
place. If you choose to set up a separate machine as the e-mail
firewall, it doesn't have to be very powerful. A 200MHz 586 with
32MB of RAM would be plenty. Our network is attached to the
Internet via SDSL and is protected by a Mandrake Linux machine
running IP masquerade. This design made it easy to set up the
system on our current firewall machine. The internal e-mail system
used is not important as long as it speaks SMTP or ESMTP. In our
case, we use Novell's Groupwise product. All SMTP traffic (port 25)
should be redirected from the SMTP port on the firewall to the
machine you have set up as your e-mail firewall on the inside (or
to the firewall itself in our case). Now let's move on to the
actual setup."
