forwarding as a gateway, logging certain traffic
Norberto Meijome
freebsd at meijome.net
Wed Sep 13 10:12:04 PDT 2006
On Tue, 12 Sep 2006 15:51:08 -0400
Bart Silverstrim <bsilver at chrononomicon.com> wrote:
> Something inside our network is infected with a spam-mailing trojan.
> We now have our PIX firewall set to block all outgoing traffic to
> port 25 unless it is from our mail server.
you should also accept only authenticated smtp connections from your LAN (or
exchange only, if you can), and limit the number of recipients per email.
Pretty sure you can limit the rate at which xchange will send emails out
(virtual smtp server). Then just check the xchange queues ... see them
grow...and wonder why did we (I'm in the same boat ;) ) went with xhcnage in
the first place :D
HIH
_________________________
{Beto|Norberto|Numard} Meijome
"I don't think they could put him in a mental hospital. On the other
hand, if he were already in, I don't think they'd let him out."
I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
More information about the freebsd-questions
mailing list