SMTP network security processing in a transparent relay in a computer network
Abstract
In one embodiment, a transparent relay receives diverted e-mail communications between an e-mail client and an e-mail server. The transparent relay may be configured to examine the e-mail communications for network security policy violations. E-mail communications that do not violate a network security policy may be relayed to their intended destination. Policy actions, such as discarding or redirection, may be performed on those that violate one or more network security policies. The transparent relay may include a pair of communications interfaces running in promiscuous mode, one for downstream communications and another for upstream communications. The transparent relay may decompose a network communication protocol to look for network security policy violations.
12 Claims
1. A network security system for processing e-mail transactions, the system comprising:
an e-mail server on a first computer, the e-mail server being configured as a mail transfer agent;
an SMTP e-mail client on a second computer;
an SMTP transparent relay implemented separately from the first computer and the second computer, the SMTP transparent relay being configured to receive and process e-mail communications between the SMTP e-mail client and the e-mail server, the SMTP transparent relay being configured to examine the e-mail communications for network security policy violations, to perform policy actions on particular e-mail communications that violate a network security policy, and to relay particular e-mail communications that do not violate a network security policy; and
a router configured to divert to the SMTP transparent relay the e-mail communications between the SMTP e-mail client and the e-mail server, the e-mail communications having a destination IP address of the SMTP e-mail client or a destination IP address of the e-mail server as received by the router and as transmitted by the router to the SMTP transparent relay,
wherein the SMTP transparent relay includes a communications interface for each of the e-mail server and the SMTP e-mail client running in promiscuous mode.
6. A method of processing e-mail communications for network security, the method comprising:
transparently receiving in a computer configured as an SMTP transparent relay diverted e-mail packets originated by an SMTP e-mail client to be sent to an e-mail server, the e-mail server being configured as a mail transfer agent, each of the diverted e-mail packets having a destination IP address that does not correspond to any of the computer as received for processing by the computer, the SMTP transparent relay including a communication interface for each of the e-mail server and the SMTP client running in promiscuous mode;
in the computer, checking the diverted e-mail packets originated by the SMTP e-mail client for connection initiation packets configured to initiate an e-mail connection between the SMTP e-mail client and the e-mail server;
determining whether the connection initiation packets violate a first policy in a plurality of network security policies; and
performing a first policy action on the connection initiation packets if the connection initiation packets violate the first policy.
12. A method of processing computer communications for network security, the method comprising:
transparently receiving in a computer configured as an SMTP transparent relay diverted packets between a client computer configured as an SMTP e-mail client and a server computer configured as a mail transfer agent communicating over a communication session in accordance with SMTP, the diverted packets having a destination IP address of either the client computer or the server computer as received in the computer configured as the SMTP transparent relay, the computer configured as the SMTP transparent relay including a communications interface in promiscuous mode for each of the client computer and the server computer;
monitoring the communication session between the client computer and the server computer by checking SMTP commands sent by the client computer to the server computer and responses by the server computer to the SMTP commands sent by the client computer at different states of the SMTP to check for network security policy violations; and
relaying communications between the client computer and the server computer when the monitoring of the communication session does not indicate a network security policy violation.