Date: Thu, 14 Sep 2006 03:10:55 +1000 From: Norberto Meijome <freebsd@meijome.net> To: Bart Silverstrim <bsilver@chrononomicon.com> Cc: freebsd-questions@freebsd.org Subject: Re: forwarding as a gateway, logging certain traffic Message-ID: <20060914031055.45dcbb6a@localhost> In-Reply-To: <7269D41C-C334-44DC-9549-ACB28F79014A@chrononomicon.com> References: <7269D41C-C334-44DC-9549-ACB28F79014A@chrononomicon.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 12 Sep 2006 15:51:08 -0400
Bart Silverstrim <bsilver@chrononomicon.com> wrote:
> Something inside our network is infected with a spam-mailing trojan.
> We now have our PIX firewall set to block all outgoing traffic to
> port 25 unless it is from our mail server.
you should also accept only authenticated smtp connections from your LAN (or
exchange only, if you can), and limit the number of recipients per email.
Pretty sure you can limit the rate at which xchange will send emails out
(virtual smtp server). Then just check the xchange queues ... see them
grow...and wonder why did we (I'm in the same boat ;) ) went with xhcnage in
the first place :D
HIH
_________________________
{Beto|Norberto|Numard} Meijome
"I don't think they could put him in a mental hospital. On the other
hand, if he were already in, I don't think they'd let him out."
I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060914031055.45dcbb6a>