On Wed, Jun 27, 2012 at 5:15 PM, Götz Reinicke goetz.reinicke@filmakademie.de wrote:
Am 27.06.12 10:29, schrieb Fajar Priyanto:
On Wed, Jun 27, 2012 at 4:23 PM, Götz Reinicke goetz.reinicke@filmakademie.de wrote:
Hi,
we do have some subnetworks for private computers, which are allowed to use there public smtp servers like msn, web.de or whatever with the users private accounts.
All our own computers have to send mail trough our mailserver with user authentication.
From time to time we are faced with the fact, that a virus infected private notebook sends spam and we are told by our ISP to take care :)
What might be a good choice to allow clients to send unrestricted transparent mails (= use smtp(s)) but we can monitor? E.g. like a redirect or proxy for smtp?
I like to know which private computer sends lot of mail. :)
Hi,
- Many malware have their own smtp and can send spam directly.
To overcome this, block port tcp 25 on your gateway, and only allow your mailserver.
From the firewall log then you will know which client is infected.
- In the case that the malware use your mailserver to send the spam,
there are plugins to log how many email sent by which client. HTH
Hi, thanks for your suggestion. But for the mentioned clients thats not possible. :/ (For our own we do exactly as you suggest :) )
We do have about 100th of freelancers 'flying in and out' of our academy which we cant 'restrict' by forcing tham to change there clients settings.
But may be we have to think about that if thats the only chance we have....
Hi Gotz, I don't understand. Those "clients" are connected to your network, aren't they? Then the proposed solution 1 and 2 would work. Unless what you mean is when they are working from home, but at least solution 2 would give you a clue who send the spam.