On Wed, Jun 27, 2012 at 5:15 PM, Götz Reinicke
<goetz.reinicke at filmakademie.de> wrote:
> On 27.06.12 10:29, Fajar Priyanto wrote:
>> On Wed, Jun 27, 2012 at 4:23 PM, Götz Reinicke
>> <goetz.reinicke at filmakademie.de> wrote:
>>> Hi,
>>>
>>> we do have some subnetworks for private computers, which are allowed to
>>> use their public smtp servers like msn, web.de or whatever with the
>>> users' private accounts.
>>>
>>> All our own computers have to send mail through our mailserver with user
>>> authentication.
>>>
>>> From time to time we are faced with the fact that a virus-infected
>>> private notebook sends spam and we are told by our ISP to take care :)
>>>
>>> What might be a good choice to allow clients to send unrestricted
>>> transparent mails (= use smtp(s)) but we can monitor? E.g. like a
>>> redirect or proxy for smtp?
>>>
>>> I like to know which private computer sends a lot of mail. :)
>>
>> Hi,
>> 1. Many malware have their own smtp and can send spam directly.
>> To overcome this, block port tcp 25 on your gateway, and only allow
>> your mailserver.
>> From the firewall log then you will know which client is infected.
>>
>> 2. In the case that the malware uses your mailserver to send the spam,
>> there are plugins to log how many emails are sent by which client.
>> HTH
>>
>
>
> Hi, thanks for your suggestion. But for the mentioned clients that's not
> possible. :/ (For our own we do exactly as you suggest :) )
>
> We do have about 100th of freelancers 'flying in and out' of our academy
> which we can't 'restrict' by forcing them to change their clients' settings.
>
> But maybe we have to think about that if that's the only chance we have....

Hi Gotz,
I don't understand. Those "clients" are connected to your network, aren't they?
Then the proposed solutions 1 and 2 would work.
Unless what you mean is when they are working from home, but at least
solution 2 would give you a clue who sends the spam.

--
http://linux3.arinet.org
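
The firewall-log approach from suggestion 1, as an added example that is not part of the original thread: it counts blocked outbound port 25 attempts per client from iptables LOG lines and flags clients that try several different destination servers. The "SMTP-BLOCK: " log prefix, the addresses, the thresholds and all function names are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format an iptables LOG rule writes.
# The "SMTP-BLOCK: " prefix and every address here are assumptions.
SAMPLE_LOG = """\
Jun 27 10:01:02 gw kernel: SMTP-BLOCK: IN=eth1 OUT=eth0 SRC=10.20.0.57 DST=203.0.113.25 PROTO=TCP SPT=49152 DPT=25 SYN
Jun 27 10:01:03 gw kernel: SMTP-BLOCK: IN=eth1 OUT=eth0 SRC=10.20.0.57 DST=198.51.100.7 PROTO=TCP SPT=49153 DPT=25 SYN
Jun 27 10:01:09 gw kernel: SMTP-BLOCK: IN=eth1 OUT=eth0 SRC=10.20.0.12 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=25 SYN
Jun 27 10:01:10 gw kernel: SMTP-BLOCK: IN=eth1 OUT=eth0 SRC=10.20.0.57 DST=192.0.2.44 PROTO=TCP SPT=49154 DPT=25 SYN
Jun 27 10:01:11 gw kernel: WEB: IN=eth1 OUT=eth0 SRC=10.20.0.99 DST=192.0.2.80 PROTO=TCP SPT=40000 DPT=443 SYN
Jun 27 10:01:12 gw kernel: SMTP-BLOCK: IN=eth1 OUT=eth0 SRC=10.20.0.57 DST=198.51.100.90 PROTO=TCP SPT=49155 DPT=25 SYN
Jun 27 10:02:40 gw kernel: SMTP-BLOCK: IN=eth1 OUT=eth0 SRC=10.20.0.12 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=25 SYN
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse_line(line, prefix="SMTP-BLOCK: "):
    """Return the KEY=value fields of a blocked port 25 log line, else None."""
    if prefix not in line:
        return None
    fields = dict(FIELD.findall(line.split(prefix, 1)[1]))
    if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
        return None
    if "SRC" not in fields or "DST" not in fields:
        return None  # truncated or malformed line
    return fields

def smtp_attempts(log_text):
    """Map client IP -> (blocked attempts, distinct destination servers)."""
    counts, dests = defaultdict(int), defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None:
            continue
        counts[fields["SRC"]] += 1
        dests[fields["SRC"]].add(fields["DST"])
    return {src: (counts[src], len(dests[src])) for src in counts}

def suspects(log_text, min_attempts=3, min_dests=2):
    """Clients with many attempts spread over several servers, busiest first."""
    stats = smtp_attempts(log_text)
    hits = [s for s, (n, d) in stats.items() if n >= min_attempts and d >= min_dests]
    return sorted(hits, key=lambda s: -stats[s][0])

if __name__ == "__main__":
    for src, (n, d) in sorted(smtp_attempts(SAMPLE_LOG).items()):
        print(f"{src}: {n} blocked attempts to {d} server(s)")
    print("suspect clients:", suspects(SAMPLE_LOG))
```

A client that retries one server repeatedly looks like a mail program with fixed settings, while attempts fanned out over many servers match the direct-sending malware described in suggestion 1.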