Blocking an individual email address
Andrew L. Gould
algould at datawok.com
Thu Feb 16 09:29:14 PST 2006
On Thu, 16 Feb 2006 11:27:40 -0500
<bob at a1poweruser.com> wrote:
> > > Jim Csoka wrote:
> > > > No...I ran make maps, as well as make install for the
> > feature,
> > > > and make restart.
> > > >
> > > > However, here is something interesting. When I access my
> > corporate
> > > > email via openwebmail, it functions as I would expect....you
> > cannot send
> > > > or receive to the given address. However, when using Outlook
> > Express
> > > > (internal mail client at work), you can still send mail to the
> > address I
> > > > am trying to block.
> > > >
> > > > Why should this be so?
> > > >
> > > Are you sure Outlook Express is configured to use your FreeBSD
> > server
> > > for SMTP? Send an email to yourself using Outlook Express then
> > look at
> > > the message source and check the headers to verify which SMTP
> > server
> > > is sending the message.
> > >
> > > --
> > > Ken Stevenson
> > > Allen-Myland Inc.
> > >
> > Yes, I'm sure. It is the incoming and outgoing SMTP server. It's
> > the only
> > one we have.
> > -Jim
> > _______________________________________________
> > Yes that may be the only one you have, but that does not stop the
> > user from configuring their outlook express from using their
> > personal email account at their ISP. To stop this you can add
> > firewall rules to deny all LAN traffic out to ports 25 & 110 by
> > coding the private LAN ip address range in the rule "from" option.
> > Since your SMTP service is on the gateway box where the firewall
> > your outbound port 25 will pass because your using the public ip
> > address or if that is not the case then just add a rule before the
> > deny rule to pass your SMTP LAN ip address.
> Understood. However, most everyone here in my office (a mortgage
> company of
> about 25 people) can barely even spell the word computer much less
> use one
> effectively. And, aside from that, I am running these tests from my
> client, so I can verify that it is configured correctly for the
> purpose of
> running these tests. Although I wish it were as simple as someone
> using a
> different SMTP server....it would make my life easier :P
> Have you physically used this offending persons work PC during off
> and investigated just how they have their outlook explorer
At what point does this stop being an IS issue and start being a Human
Resources issue? (I realize that a company of 25 people probably does
not have a Human Resources Department.)
A mortgage company handles a lot of private information.
The employees need to be trustworthy; and the information needs to be
protected. However, the responsibility for protecting company
information does not fall solely upon IS. If an employee is sending
sensitive information home against company policy, the policy needs to
be enforced. The employee should be counseled/educated/corrected and,
if necessary, fired.
Whereas I think there should be strong IS policies in place, and I
applaud the original poster's diligence, a defacto policy of
playing cat-and-mouse can be horribly inefficient.
More information about the freebsd-questions