On Wed, Jun 27, 2012 at 4:23 PM, Götz Reinicke goetz.reinicke@filmakademie.de wrote:
Hi,
we do have some subnetworks for private computers, which are allowed to use their public smtp servers like msn, web.de or whatever with the users' private accounts.
All our own computers have to send mail through our mailserver with user authentication.
From time to time we are faced with the fact that a virus-infected private notebook sends spam and we are told by our ISP to take care :)
What might be a good choice to allow clients to send unrestricted transparent mails (= use smtp(s)) but we can monitor? E.g. like a redirect or proxy for smtp?
I'd like to know which private computer sends a lot of mail. :)
Hi,
1. Many malware programs have their own smtp and can send spam directly. To overcome this, block port tcp 25 on your gateway, and only allow your mailserver.
From the firewall log you will then know which client is infected.
2. In the case that the malware uses your mailserver to send the spam, there are plugins to log how many emails are sent by which client.
HTH
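
The firewall-log check from point 1 of the reply above, as an added example that is not part of the original thread. It assumes a Linux gateway that logs dropped outbound tcp/25 in netfilter LOG format with a hypothetical prefix `SMTP-BLOCK`; the addresses and log lines are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Linux netfilter LOG format. Assumptions: the gateway
# logs dropped outbound tcp/25 with the hypothetical prefix "SMTP-BLOCK", and
# the mail server (the only host allowed to use port 25) is 10.20.0.10.
SAMPLE_LOG = """\
Jun 27 16:40:01 gw kernel: SMTP-BLOCK IN=eth1 OUT=eth0 SRC=10.20.0.57 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=49152 DPT=25 SYN
Jun 27 16:40:01 gw kernel: SMTP-BLOCK IN=eth1 OUT=eth0 SRC=10.20.0.57 DST=198.51.100.9 LEN=60 PROTO=TCP SPT=49153 DPT=25 SYN
Jun 27 16:40:02 gw kernel: SMTP-BLOCK IN=eth1 OUT=eth0 SRC=10.20.0.57 DST=203.0.113.25 LEN=60 PROTO=TCP SPT=49154 DPT=25 SYN
Jun 27 16:40:02 gw kernel: OTHER-DROP IN=eth1 OUT=eth0 SRC=10.20.0.61 DST=203.0.113.80 LEN=60 PROTO=TCP SPT=50000 DPT=23 SYN
Jun 27 16:40:03 gw kernel: SMTP-BLOCK IN=eth1 OUT=eth0 SRC=10.20.0.57 DST=203.0.113.44 LEN=60 PROTO=TCP SPT=49155 DPT=25 SYN
Jun 27 16:41:10 gw kernel: SMTP-BLOCK IN=eth1 OUT=eth0 SRC=10.20.0.88 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=51000 DPT=25 SYN
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs of a LOG line

def blocked_smtp_by_client(lines, prefix="SMTP-BLOCK", mailserver="10.20.0.10"):
    """Count blocked tcp/25 attempts and distinct destinations per source IP."""
    attempts, destinations = Counter(), defaultdict(set)
    for line in lines:
        if prefix not in line:
            continue
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != "25":
            continue
        src = f.get("SRC")
        if not src or src == mailserver:
            continue  # malformed line, or the one host allowed to send
        attempts[src] += 1
        destinations[src].add(f.get("DST"))
    return attempts, destinations

def suspects(lines, min_attempts=3):
    """Clients with repeated blocked attempts, busiest first.

    A single hit is usually a mail client set to port 25; many hits to many
    different servers is the pattern of malware with its own SMTP engine.
    """
    attempts, destinations = blocked_smtp_by_client(lines)
    return [(src, n, len(destinations[src]))
            for src, n in attempts.most_common() if n >= min_attempts]

if __name__ == "__main__":
    for src, n, ndst in suspects(SAMPLE_LOG.splitlines()):
        print(f"{src}: {n} blocked SMTP attempts to {ndst} servers")
```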