The Fox DataDiode software allows email to be sent to a secure network using SMTP while keeping the domain name of that secure network secret. The upstream proxy is configured to know which email it must forward to the downstream proxy. The downstream proxy, in turn, is configured to forward all incoming email to a certain domain.
The chain of events consists of 9 steps:
- The client creates an email, destined for email@example.com.
- This email is sent to the mail server on the upstream network.
- The mail server fetches the MX record of the domain, e.g. ‘downstream.local’. This identifies the upstream proxy as the destination mail server.
- The mail server delivers the mail to the upstream proxy via SMTP.
- The upstream proxy sends the mail to the downstream proxy via the hardware DataDiode.
- The downstream proxy rewrites the domain of the email recipient from @downstream.local to @secure.local.
- The downstream proxy fetches the MX record of the domain ‘secure.local’. This identifies the mail server on the downstream network as the destination mail server.
- The downstream proxy delivers the message to the mail server via SMTP.
- The client retrieves the message from the mail server.
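The two proxy decisions in the steps above (which mail the upstream proxy forwards, and the recipient rewrite on the downstream proxy) can be sketched as follows. This is an added example, not Fox DataDiode code: the function names are hypothetical, the domains are the ones used in the steps, and it assumes the upstream proxy selects mail by recipient domain.

```python
# Added illustration; not Fox DataDiode code. Domains are the page's examples.
ALIAS_DOMAIN = "downstream.local"   # alias known on the upstream network
SECURE_DOMAIN = "secure.local"      # real domain, configured only downstream


def split_address(addr):
    """Split an envelope address into (local_part, domain) at the last '@'."""
    addr = addr.strip().strip("<>")
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not a valid envelope address: {addr!r}")
    # Domains compare case-insensitively; a trailing root dot is dropped.
    return local, domain.rstrip(".").lower()


def upstream_accepts(rcpt):
    """Upstream proxy (assumed policy): forward only alias-domain mail."""
    try:
        _, domain = split_address(rcpt)
    except ValueError:
        return False
    return domain == ALIAS_DOMAIN


def downstream_rewrite(rcpt):
    """Downstream proxy: swap the alias domain for the secure domain.

    The local part is kept unchanged. Only an exact domain match is
    rewritten, so 'sub.downstream.local' is refused rather than mapped.
    """
    local, domain = split_address(rcpt)
    if domain != ALIAS_DOMAIN:
        raise ValueError(f"unexpected recipient domain: {domain!r}")
    return f"{local}@{SECURE_DOMAIN}"


def relay(recipients):
    """Run envelope recipients through both proxies: (delivered, refused)."""
    delivered, refused = [], []
    for rcpt in recipients:
        if upstream_accepts(rcpt):
            delivered.append(downstream_rewrite(rcpt))
        else:
            refused.append(rcpt)
    return delivered, refused
```

Because `SECURE_DOMAIN` is read only inside `downstream_rewrite`, nothing that runs on the upstream side needs to contain the secure network's domain name.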