[CentOS] How to handle smtp to public servers

Wed Jun 27 09:47:14 UTC 2012
Fajar Priyanto <fajarpri at arinet.org>

On Wed, Jun 27, 2012 at 5:15 PM, Götz Reinicke
<goetz.reinicke at filmakademie.de> wrote:
> On 27.06.12 10:29, Fajar Priyanto wrote:
>> On Wed, Jun 27, 2012 at 4:23 PM, Götz Reinicke
>> <goetz.reinicke at filmakademie.de> wrote:
>>> Hi,
>>>
>>> we do have some subnetworks for private computers, which are allowed to
>>> use their public smtp servers like msn, web.de or whatever with the
>>> users' private accounts.
>>>
>>> All our own computers have to send mail through our mailserver with user
>>> authentication.
>>>
>>> From time to time we are faced with the fact that a virus-infected
>>> private notebook sends spam and we are told by our ISP to take care :)
>>>
>>> What might be a good choice to allow clients to send unrestricted
>>> transparent mails (= use smtp(s)) but we can monitor? E.g. like a
>>> redirect or proxy for smtp?
>>>
>>> I'd like to know which private computer sends a lot of mail. :)
>>
>> Hi,
>> 1. Many malware have their own smtp and can send spam directly.
>> To overcome this, block port tcp 25 on your gateway, and only allow
>> your mailserver.
>> From the firewall log then you will know which client is infected.
>>
>> 2. In the case that the malware uses your mailserver to send the spam,
>> there are plugins to log how many emails are sent by which client.
>> HTH
>>
>
>
> Hi, thanks for your suggestion. But for the mentioned clients that's not
> possible. :/ (For our own we do exactly as you suggest :) )
>
> We do have about 100th of freelancers 'flying in and out' of our academy
> which we can't 'restrict' by forcing them to change their client settings.
>
> But maybe we have to think about that if that's the only chance we have....

Hi Gotz,
I don't understand. Those "clients" are connected to your network,
aren't they? Then the proposed solution 1 and 2 would work.
Unless what you mean is when they are working from home, but at least
solution 2 would give you a clue who sends the spam.
-- 
http://linux3.arinet.org
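
Added example, not part of the original thread: one way to answer "which private computer sends a lot of mail" from the gateway firewall log mentioned in solution 1, by counting outbound TCP/25 connection attempts and distinct destinations per client. It assumes the gateway logs these packets with the iptables LOG target under a `SMTP-OUT: ` prefix; that prefix, the addresses and the thresholds are assumptions, and the log lines are constructed samples.

```python
import re
from collections import defaultdict

# Constructed sample lines in the iptables LOG target's kernel-log format.
# "SMTP-OUT: " is an assumed --log-prefix value; all addresses are made up.
SAMPLE_LOG = """\
Jun 27 09:40:01 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=10.20.0.15 DST=203.0.113.25 LEN=60 TTL=63 PROTO=TCP SPT=51234 DPT=25 SYN URGP=0
Jun 27 09:40:02 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=10.20.0.15 DST=203.0.113.80 LEN=60 TTL=63 PROTO=TCP SPT=51235 DPT=25 SYN URGP=0
Jun 27 09:40:02 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=10.20.0.15 DST=198.51.100.9 LEN=60 TTL=63 PROTO=TCP SPT=51236 DPT=25 SYN URGP=0
Jun 27 09:40:03 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=10.20.0.15 DST=192.0.2.44 LEN=60 TTL=63 PROTO=TCP SPT=51237 DPT=25 SYN URGP=0
Jun 27 09:41:10 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=10.20.0.31 DST=198.51.100.7 LEN=60 TTL=63 PROTO=TCP SPT=40001 DPT=25 SYN URGP=0
Jun 27 09:55:42 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=10.20.0.31 DST=198.51.100.7 LEN=60 TTL=63 PROTO=TCP SPT=40017 DPT=25 SYN URGP=0
Jun 27 09:56:00 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=10.20.0.2 DST=192.0.2.10 LEN=60 TTL=63 PROTO=TCP SPT=33000 DPT=25 SYN URGP=0
Jun 27 09:56:05 gw kernel: WEB: IN=eth1 OUT=eth0 SRC=10.20.0.31 DST=192.0.2.99 LEN=60 TTL=63 PROTO=TCP SPT=40020 DPT=443 SYN URGP=0
"""

MAILSERVER = "10.20.0.2"            # assumed address of the site's own mailserver
FIELD = re.compile(r"\b([A-Z]+)=(\S+)")  # KEY=value pairs written by the LOG target


def smtp_talkers(log_text, prefix="SMTP-OUT: ", allowed=(MAILSERVER,)):
    """Return {client_ip: (attempts, distinct_destinations)} for TCP/25."""
    attempts = defaultdict(int)
    dests = defaultdict(set)
    for line in log_text.splitlines():
        if prefix not in line:
            continue                                # some other firewall rule
        fields = dict(FIELD.findall(line.split(prefix, 1)[1]))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue
        src = fields.get("SRC")
        if src is None or src in allowed:
            continue                                # the mailserver may send
        attempts[src] += 1
        dests[src].add(fields.get("DST"))
    return {ip: (attempts[ip], len(dests[ip])) for ip in attempts}


def suspects(talkers, min_attempts=3, min_dests=3):
    """Clients contacting many different SMTP hosts, unlike a mail client
    that keeps talking to the one server of its provider."""
    return sorted(ip for ip, (n, d) in talkers.items()
                  if n >= min_attempts and d >= min_dests)


if __name__ == "__main__":
    for ip, (n, d) in sorted(smtp_talkers(SAMPLE_LOG).items()):
        print(f"{ip}: {n} attempts to {d} destination(s)")
    print("suspects:", suspects(smtp_talkers(SAMPLE_LOG)))
```

The same counting works whether the gateway rule only logs or logs and then drops, so it also covers the case where private clients must stay allowed to reach their own providers.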