Am 27.06.2012 11:15, schrieb Götz Reinicke: > Am 27.06.12 10:29, schrieb Fajar Priyanto: >> 1. Many malware have their own smtp and can send spam directly. >> To overcome this, block port tcp 25 on your gateway, and only allow >> your mailserver. > Hi, thanks for your suggestion. But for the mentioned clients thats not > possible. :/ [...] > We do have about 100th of freelancers 'flying in and out' of our academy > which we cant 'restrict' by forcing tham to change there clients settings. Nobody *needs* port 25 from their client to a public server. Port 25 is intended for forwarding mail from one server to the next, not for submitting mail from a client to its server. The standard port for sending mail from a client is 587, the mail submission port. Using port 25 for that is arguably a configuration error which should be corrected. What's more, blocking outbound port 25 is generally recommended practice and standard for many ISPs, so your freelancers will often face the same restriction on their home LAN, Internet cafe or wherever else they may want to write e-mails, adding to their motivation to fix their configuration instead of arguing with you. HTH T. -- Tilman Schmidt Phoenix Software GmbH Bonn, Germany