From owner-freebsd-questions@FreeBSD.ORG  Wed Sep 13 17:12:04 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C919D16A415
	for <freebsd-questions@freebsd.org>;
	Wed, 13 Sep 2006 17:12:04 +0000 (UTC)
	(envelope-from freebsd@meijome.net)
Received: from sigma.octantis.com.au (ns2.octantis.com.au [207.44.189.124])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C6C4543EA9
	for <freebsd-questions@freebsd.org>;
	Wed, 13 Sep 2006 17:10:59 +0000 (GMT)
	(envelope-from freebsd@meijome.net)
Received: (qmail 11203 invoked from network); 14 Sep 2006 03:10:58 +1000
Received: from 124-168-25-250.dyn.iinet.net.au (HELO localhost)
	(124.168.25.250)
	by sigma.octantis.com.au with (DHE-RSA-AES256-SHA encrypted) SMTP;
	14 Sep 2006 03:10:58 +1000
Date: Thu, 14 Sep 2006 03:10:55 +1000
From: Norberto Meijome <freebsd@meijome.net>
To: Bart Silverstrim <bsilver@chrononomicon.com>
Message-ID: <20060914031055.45dcbb6a@localhost>
In-Reply-To: <7269D41C-C334-44DC-9549-ACB28F79014A@chrononomicon.com>
References: <7269D41C-C334-44DC-9549-ACB28F79014A@chrononomicon.com>
X-Mailer: Sylpheed-Claws 2.4.0 (GTK+ 2.8.20; i386-portbld-freebsd6.1)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: freebsd-questions@freebsd.org
Subject: Re: forwarding as a gateway, logging certain traffic
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Sep 2006 17:12:04 -0000

On Tue, 12 Sep 2006 15:51:08 -0400
Bart Silverstrim <bsilver@chrononomicon.com> wrote:

> Something inside our network is infected with a spam-mailing trojan.   
> We now have our PIX firewall set to block all outgoing traffic to  
> port 25 unless it is from our mail server.

you should also accept only authenticated smtp connections from your LAN (or
exchange only, if you can), and limit the number of  recipients per email.
Pretty sure you can limit the rate at which xchange will send emails out
(virtual smtp server). Then just check the xchange queues ... see them
grow...and wonder why did we (I'm in the same boat ;) ) went with xhcnage in
the first place :D

HIH

_________________________
{Beto|Norberto|Numard} Meijome

"I don't think they could put him in a mental hospital.  On the other
hand, if he were already in, I don't think they'd let him out."

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.