Transparent SMTP proxy

Transparent SMTP proxies are specialized Mail Transfer Agents (MTAs) that, like other types of proxy servers, pass SMTP sessions through to other MTAs. They differ from regular MTAs in that they neither relay e-mail by store-and-forward nor deliver it to mailboxes. Instead, when they receive an SMTP session, they open another SMTP session to a destination MTA. Any error or status information from the destination MTA is passed back to the sending MTA through the proxy.

Uses
When SMTP proxies are placed on the outgoing network, they typically are used to intercept all SMTP connections to make sure that unauthorized e-mail, spam, e-mail worms, etc. are not sent from the network. This is common on internet connections provided by hotels, company networks, and some ISPs and is discussed in RFC 5068.

More commonly, SMTP proxies are placed on the incoming network, where they are typically used to integrate anti-spam techniques into MTAs, to create e-mail hubs for load balancing, or to forward e-mail from a company-wide domain name to individual department mail servers. Using a proxy instead of the more common store-and-forward method of relaying e-mail can greatly reduce backscatter, because a rejection by the destination MTA reaches the sender during the SMTP session and no bounce message has to be generated afterwards.

An advantage of SMTP proxies is that they work with any already installed mail server. If one decides to switch to a different MTA, they can still use the same SMTP proxy.

Certain SMTP proxies implement connection management, which ensures that no matter how big a spike in traffic coming from the outside (e.g. a virus outbreak or a DoS attack), the back-end mail server will not receive more connections than it can handle.

Some proxies can implement throttling, in which suspect SMTP connections are slowed down. When slowed down, spammers typically give up (since they need to deliver huge volumes of email), whereas legitimate senders don't mind waiting a few minutes. This is a lenient version of tarpitting.

Throttling is hard to implement in a solution that is not an SMTP proxy, since each throttled connection holds up a usually heavy-weight process or thread, whereas a proxy can be implemented as a very efficient asynchronous I/O solution that can juggle thousands of connections at once.
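The connection management and throttling described above, as an added example (not code from any SMTP proxy product): an asyncio relay that caps back-end sessions, delays traffic from suspect clients, and passes back-end replies straight back to the sender. The `Proxy` class, the back-end address, the limits, the `is_suspect` callback and the 421 rejection policy are assumptions made for illustration.

```python
import asyncio

async def pump(reader, writer, delay=0.0):
    """Copy bytes one way until EOF; a non-zero delay throttles each chunk."""
    total = 0
    while chunk := await reader.read(4096):
        if delay:
            await asyncio.sleep(delay)  # parks only this session, no thread is held
        writer.write(chunk)
        await writer.drain()
        total += len(chunk)
    return total

class Proxy:
    def __init__(self, backend=("127.0.0.1", 2525), max_backend=50, delay=2.0,
                 is_suspect=lambda ip: False, connect=asyncio.open_connection):
        # Every default here is an assumed value, not taken from a real product.
        self.backend, self.max_backend = backend, max_backend
        self.is_suspect, self.delay, self.connect = is_suspect, delay, connect
        self.active = 0  # back-end sessions currently open

    async def handle(self, c_reader, c_writer):
        ip = c_writer.get_extra_info("peername")[0]
        if self.active >= self.max_backend:
            # Connection management: answer with a transient SMTP error
            # instead of opening one more back-end session.
            c_writer.write(b"421 Service busy, try again later\r\n")
            await c_writer.drain()
            c_writer.close()
            return "rejected"
        self.active += 1
        try:
            b_reader, b_writer = await self.connect(*self.backend)
            delay = self.delay if self.is_suspect(ip) else 0.0
            # Back-end replies, including 4xx/5xx errors, flow back to the
            # sender inside the same session, so no bounce is created later.
            tasks = [asyncio.create_task(pump(c_reader, b_writer, delay)),
                     asyncio.create_task(pump(b_reader, c_writer))]
            await asyncio.wait(tasks, return_when=asyncio.FIRST_COMPLETED)
            for t in tasks:
                t.cancel()  # one side closed: stop relaying the other
            await asyncio.gather(*tasks, return_exceptions=True)
            b_writer.close()
            return "relayed"
        finally:
            self.active -= 1
            c_writer.close()
```

To accept connections, pass `Proxy().handle` as the client callback to `asyncio.start_server`.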

Another reason to use a proxy is that while the DNS allows multiple MX records which can be used to spread the load of incoming e-mail across multiple servers, DNS is not the best method for load balancing. Also, DNS cannot easily allow more than about a dozen MX records, limiting the total number of incoming mail servers, which can be a problem for many large ISPs and corporations. By using transparent SMTP proxies, it is possible to improve the load balancing and increase the number of back-end mail servers.
 