On Wed, Jun 27, 2012 at 5:15 PM, Götz Reinicke
> Am 27.06.12 10:29, schrieb Fajar Priyanto:
>> On Wed, Jun 27, 2012 at 4:23 PM, Götz Reinicke
>> <email@example.com> wrote:
>>> we do have some subnetworks for private computers, which are allowed to
>>> use there public smtp servers like msn, web.de or whatever with the
>>> users private accounts.
>>> All our own computers have to send mail trough our mailserver with user
>>> From time to time we are faced with the fact, that a virus infected
>>> private notebook sends spam and we are told by our ISP to take care
>>> What might be a good choice to allow clients to send unrestricted
>>> transparent mails (= use smtp(s)) but we can monitor? E.g. like a
>>> redirect or proxy for smtp?
>>> I like to know which private computer sends lot of mail.
>> 1. Many malware have their own smtp and can send spam directly.
>> To overcome this, block port tcp 25 on your gateway, and only allow
>> your mailserver.
>>>From the firewall log then you will know which client is infected.
>> 2. In the case that the malware use your mailserver to send the spam,
>> there are plugins to log how many email sent by which client.
> Hi, thanks for your suggestion. But for the mentioned clients thats not
> possible. :/ (For our own we do exactly as you suggest
> We do have about 100th of freelancers 'flying in and out' of our academy
> which we cant 'restrict' by forcing tham to change there clients settings.
> But may be we have to think about that if thats the only chance we have....
I don't understand. Those "clients" are connected to your network,
aren't they? Then the proposed solution 1 and 2 would work.
Unless what you mean is when they are working from home, but at least
solution 2 would give you a clue who send the spam.
CentOS mailing list