How to handle smtp to public servers
Hi,

we do have some subnetworks for private computers, which are allowed to
use their public smtp servers like msn, web.de or whatever with the
users' private accounts.

All our own computers have to send mail through our mailserver with user
authentication.

From time to time we are faced with the fact that a virus-infected
private notebook sends spam and we are told by our ISP to take care :)

What might be a good choice to allow clients to send unrestricted
transparent mails (= use smtp(s)) but we can monitor? E.g. like a
redirect or proxy for smtp?

I like to know which private computer sends lot of mail. :)

Thanks for any hint and suggestion. /Götz

--
Götz Reinicke
IT Coordinator

Tel. +49 7141 969 82 420
Fax +49 7141 969 55 420
E-Mail goetz.reinicke@filmakademie.de

Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de

Registered at Amtsgericht Stuttgart, HRB 205016
Chairman of the Supervisory Board: Jürgen Walter MdL,
State Secretary in the Ministry of Science, Research and the Arts Baden-Württemberg
Managing Director: Prof. Thomas Schadt
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

On Wed, Jun 27, 2012 at 4:23 PM, Götz Reinicke
<goetz.reinicke@filmakademie.de> wrote:
> Hi,
>
> we do have some subnetworks for private computers, which are allowed to
> use their public smtp servers like msn, web.de or whatever with the
> users' private accounts.
>
> All our own computers have to send mail through our mailserver with user
> authentication.
>
> From time to time we are faced with the fact that a virus-infected
> private notebook sends spam and we are told by our ISP to take care :)
>
> What might be a good choice to allow clients to send unrestricted
> transparent mails (= use smtp(s)) but we can monitor? E.g. like a
> redirect or proxy for smtp?
>
> I like to know which private computer sends lot of mail. :)

Hi,
1. Many malware have their own smtp and can send spam directly.
To overcome this, block port tcp 25 on your gateway, and only allow
your mailserver.
From the firewall log then you will know which client is infected.

2. In the case that the malware use your mailserver to send the spam,
there are plugins to log how many email sent by which client.
HTH

--
http://linux3.arinet.org

On 27.06.12 10:29, Fajar Priyanto wrote:
> On Wed, Jun 27, 2012 at 4:23 PM, Götz Reinicke
> <goetz.reinicke@filmakademie.de> wrote:
>> Hi,
>>
>> we do have some subnetworks for private computers, which are allowed to
>> use their public smtp servers like msn, web.de or whatever with the
>> users' private accounts.
>>
>> All our own computers have to send mail through our mailserver with user
>> authentication.
>>
>> From time to time we are faced with the fact that a virus-infected
>> private notebook sends spam and we are told by our ISP to take care :)
>>
>> What might be a good choice to allow clients to send unrestricted
>> transparent mails (= use smtp(s)) but we can monitor? E.g. like a
>> redirect or proxy for smtp?
>>
>> I like to know which private computer sends lot of mail. :)
>
> Hi,
> 1. Many malware have their own smtp and can send spam directly.
> To overcome this, block port tcp 25 on your gateway, and only allow
> your mailserver.
> From the firewall log then you will know which client is infected.
>
> 2. In the case that the malware use your mailserver to send the spam,
> there are plugins to log how many email sent by which client.
> HTH
>

Hi, thanks for your suggestion. But for the mentioned clients that's not
possible. :/ (For our own we do exactly as you suggest :) )

We do have about 100th of freelancers 'flying in and out' of our academy
which we can't 'restrict' by forcing them to change their clients' settings.

But maybe we have to think about that if that's the only chance we have....

--
Götz Reinicke
IT Coordinator

Tel. +49 7141 969 82 420
Fax +49 7141 969 55 420
E-Mail goetz.reinicke@filmakademie.de

Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de

Registered at Amtsgericht Stuttgart, HRB 205016
Chairman of the Supervisory Board: Jürgen Walter MdL,
State Secretary in the Ministry of Science, Research and the Arts Baden-Württemberg
Managing Director: Prof. Thomas Schadt

On Wed, Jun 27, 2012 at 5:15 PM, Götz Reinicke
<goetz.reinicke@filmakademie.de> wrote:
> On 27.06.12 10:29, Fajar Priyanto wrote:
>> On Wed, Jun 27, 2012 at 4:23 PM, Götz Reinicke
>> <goetz.reinicke@filmakademie.de> wrote:
>>> Hi,
>>>
>>> we do have some subnetworks for private computers, which are allowed to
>>> use their public smtp servers like msn, web.de or whatever with the
>>> users' private accounts.
>>>
>>> All our own computers have to send mail through our mailserver with user
>>> authentication.
>>>
>>> From time to time we are faced with the fact that a virus-infected
>>> private notebook sends spam and we are told by our ISP to take care :)
>>>
>>> What might be a good choice to allow clients to send unrestricted
>>> transparent mails (= use smtp(s)) but we can monitor? E.g. like a
>>> redirect or proxy for smtp?
>>>
>>> I like to know which private computer sends lot of mail. :)
>>
>> Hi,
>> 1. Many malware have their own smtp and can send spam directly.
>> To overcome this, block port tcp 25 on your gateway, and only allow
>> your mailserver.
>> From the firewall log then you will know which client is infected.
>>
>> 2. In the case that the malware use your mailserver to send the spam,
>> there are plugins to log how many email sent by which client.
>> HTH
>>
>
> Hi, thanks for your suggestion. But for the mentioned clients that's not
> possible. :/ (For our own we do exactly as you suggest :) )
>
> We do have about 100th of freelancers 'flying in and out' of our academy
> which we can't 'restrict' by forcing them to change their clients' settings.
>
> But maybe we have to think about that if that's the only chance we have....

Hi Gotz,
I don't understand. Those "clients" are connected to your network, aren't they?
Then the proposed solution 1 and 2 would work.
Unless what you mean is when they are working from home, but at least
solution 2 would give you a clue who sends the spam.

--
http://linux3.arinet.org

On 06/27/12 2:15 AM, Götz Reinicke wrote:
> Hi, thanks for your suggestion. But for the mentioned clients that's not
> possible. :/ (For our own we do exactly as you suggest :) )
>
> We do have about 100th of freelancers 'flying in and out' of our academy
> which we can't 'restrict' by forcing them to change their clients' settings.

MSN, gmail, etc don't accept simple port 25 SMTP from random clients,
they only accept authenticated SSL encrypted port 465 or whatever.

So it's simple, block port 25 outbound from anything but your own
mailhost(s).

--
john r pierce                            N 37, W 122
santa cruz ca                         mid-left coast

On 27.06.2012 11:15, Götz Reinicke wrote:
> On 27.06.12 10:29, Fajar Priyanto wrote:
>> 1. Many malware have their own smtp and can send spam directly.
>> To overcome this, block port tcp 25 on your gateway, and only allow
>> your mailserver.
> Hi, thanks for your suggestion. But for the mentioned clients that's not
> possible. :/
[...]
> We do have about 100th of freelancers 'flying in and out' of our academy
> which we can't 'restrict' by forcing them to change their clients' settings.

Nobody *needs* port 25 from their client to a public server.
Port 25 is intended for forwarding mail from one server to the
next, not for submitting mail from a client to its server.
The standard port for sending mail from a client is 587, the
mail submission port. Using port 25 for that is arguably a
configuration error which should be corrected.

What's more, blocking outbound port 25 is generally recommended
practice and standard for many ISPs, so your freelancers will
often face the same restriction on their home LAN, Internet
cafe or wherever else they may want to write e-mails, adding
to their motivation to fix their configuration instead of
arguing with you.

HTH
T.

--
Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany

On 27/06/12 18:23, Götz Reinicke wrote:
> I like to know which private computer sends lot of mail. :)

You could get your firewall ACCEPT but LOG the outgoing 25 from anything
but your mailhub.

Have often wondered whether a transparent mail-proxy could be set up,
similar to a transparent web-proxy, with your firewall catching all port
80 and redirecting to 8080 on your squid server. Never got around to
seeing whether this was possible ...

... then again I agree with the others, blocking outgoing port 25 is the
better idea, but only if it is not going to get you fired.

Cheers,

Kal

--
Kahlil (Kal) Hodgson                       GPG: C9A02289
Head of Technology                         (m) +61 (0) 4 2573 0382
DealMax Pty Ltd                            (w) +61 (0) 3 9008 5281

Suite 1415
401 Docklands Drive
Docklands VIC 3008 Australia

"All parts should go together without forcing. You must remember that
the parts you are reassembling were disassembled by you. Therefore,
if you can't get them together again, there must be a reason. By all
means, do not use a hammer." -- IBM maintenance manual, 1925
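
Added example, not part of any message in this thread: one way to do the "ACCEPT but LOG" variant suggested above with iptables on the gateway, then rank clients by logged port-25 connections. The mail hub address `192.0.2.25`, the log prefix `SMTP-OUT: `, the function names and the sample log lines are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. MAILHUB and PREFIX are assumed values, not from the thread.
MAILHUB="192.0.2.25"   # assumed address of the site's own mail server
PREFIX="SMTP-OUT: "    # assumed --log-prefix used by the rule below

# Run once as root on the gateway (not called automatically): LOG every new
# outbound port-25 connection that does not come from the mail hub. LOG is
# non-terminating, so the packet is still forwarded as before.
install_smtp_logging() {
    iptables -I FORWARD -p tcp --dport 25 --syn ! -s "$MAILHUB" \
        -j LOG --log-prefix "$PREFIX"
}

# Read kernel log lines on stdin and print "count source-ip" for every
# client with at least $1 logged connections (default 1), busiest first.
smtp_senders() {
    awk -v min="${1:-1}" -v tag="$PREFIX" '
        index($0, tag) && / DPT=25 / {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) count[substr($i, 5)]++
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample in the kernel's LOG format (documentation addresses).
sample_log() {
    cat <<'EOF'
Jun 27 10:02:11 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=10.0.5.23 DST=198.51.100.7 LEN=60 TTL=63 PROTO=TCP SPT=40112 DPT=25 WINDOW=5840 SYN URGP=0
Jun 27 10:02:12 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=10.0.5.23 DST=203.0.113.9 LEN=60 TTL=63 PROTO=TCP SPT=40113 DPT=25 WINDOW=5840 SYN URGP=0
Jun 27 10:02:12 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=10.0.7.8 DST=198.51.100.7 LEN=60 TTL=63 PROTO=TCP SPT=51200 DPT=25 WINDOW=5840 SYN URGP=0
Jun 27 10:02:13 gw kernel: SUBMIT: IN=eth1 OUT=eth0 SRC=10.0.7.8 DST=198.51.100.7 LEN=60 TTL=63 PROTO=TCP SPT=51201 DPT=587 WINDOW=5840 SYN URGP=0
Jun 27 10:02:14 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=10.0.5.23 DST=203.0.113.44 LEN=60 TTL=63 PROTO=TCP SPT=40114 DPT=25 WINDOW=5840 SYN URGP=0
EOF
}

# Clients with three or more direct SMTP connections in the sample.
sample_log | smtp_senders 3
```

On a live gateway the same function reads the kernel log instead of the sample, e.g. `grep 'SMTP-OUT: ' /var/log/messages | smtp_senders 20`. Changing the rule's target from `LOG` to `LOG` followed by a `REJECT` rule gives the blocking variant the other replies recommend while keeping the per-client record.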