outgoing email filtering
Hi all, Recently one of my smtp user infected by windows virus. I use Sendmail 8.12 as MTA on SuSE 9.0. His account always send an email to the outside without knowing it(maybe to addresses in his address book). My Sendmail is alright, but I don't want to bother other server. I use clamav for filtering incoming email, but can it work for outgoing email? Can anyone here have a solution to block this thing. TIA edwin
On 03/21/2004 03:57 PM, M Edwin wrote:
Recently one of my smtp user infected by windows virus. I use Sendmail 8.12 as MTA on SuSE 9.0. <snip> I use clamav for filtering incoming email, but can it work for outgoing email?
Incoming mail? Isn't your Windows user's mail incoming as well, i.e maybe from the internal network versus internet, but no matter which interface it comes in on, it is all incoming mail as far as your MTA is concerned. Or am I missing something here? -- Joe Morris New Tribes Mission Email Address: Joe_Morris@ntm.org Web Address: http://www.mydestiny.net/~joe_morris Registered Linux user 231871 God said, I AM that I AM. I say, by the grace of God, I am what I am.
On Sun, 21 Mar 2004 17:40:44 +0800, Joe Morris (NTM) wrote
------------------------------------------------------------
Incoming mail? Isn't your Windows user's mail incoming as well, i.e maybe from the internal network versus internet, but no matter which interface it comes in on, it is all incoming mail as far as your MTA is concerned. Or am I missing something here?
Ooops, yeah you're right. So, by using clamav it's must be OK, right? edwin
On Saturday 20 March 2004 22:57, M Edwin wrote:
Hi all,
Recently one of my smtp user infected by windows virus. I use Sendmail 8.12 as MTA on SuSE 9.0. His account always send an email to the outside without knowing it(maybe to addresses in his address book). My Sendmail is alright, but I don't want to bother other server.
I use clamav for filtering incoming email, but can it work for outgoing email?
Can anyone here have a solution to block this thing.
TIA edwin
Your sendmail will fileter it if it is running clamav, but many of the viruses and works have their own smtp engine, so you should not allow port 25 outbound from your local net, forceing everyone to go thru your sendmail to get out. Do this with your firewall by specifically disallowing local to net on port 25, will still allowing the suse machine to use 25. -- _____________________________________ John Andersen
participants (3)
-
Joe Morris (NTM)
-
John Andersen
-
M Edwin