 From:  Dave Warren <maillist at devilsplayground dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] DNS Blacklist
 Date:  Sat, 29 Jan 2005 02:47:35 -0700
James W. McKeand wrote:

>mono at centrum dot sk wrote:
>>but I don't have any SMTP server on the network.  Hmm, if I make a rule
>>which denies SMTP, then would anyone be able to send email from their
>>Outlook and other mail clients??
>Actually, it would prevent EVERYBODY from sending email. But, this
>would be temporary - only enable the rule while you are trying to
>pinpoint what IP is sending out SMTP traffic. You would need to tell
>all of your users that sending email is restricted. Or do it while
>outbound mail would be low - while everyone is at lunch or after

Why not simply create a rule that passes traffic on port 25 with logging 
enabled and log the traffic?  While shutting down the spamming machine 
is obviously of the utmost importance, a machine that has been spamming 
long enough to get on SORBS probably won't do any further damage if it 
can keep broadcasting for another 5-10 minutes while you track down the 

HTML email should be treated in the same manner as sexual acts.
Only between consenting adults, in private places where willing
parties, whom agreed upon such an act BEFOREHAND, will see it.
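
An added example, not part of the original message: one way to read the log produced by a pass-and-log rule on port 25 and see which internal address is opening SMTP connections. The log lines are constructed and the ipmon-style layout is an assumption; adjust `LINE_RE` to what your firewall actually writes.

```python
import re
from collections import defaultdict

# Constructed sample lines in an assumed ipmon-style syslog layout.
SAMPLE_LOG = """\
Jan 29 02:40:00 m0n0wall ipmon[85]: 02:40:00.101 sis0 @0:12 p 192.168.1.23,1042 -> 203.0.113.10,25 PR tcp len 20 48 -S IN
Jan 29 02:40:00 m0n0wall ipmon[85]: 02:40:00.350 sis0 @0:12 p 192.168.1.23,1043 -> 198.51.100.7,25 PR tcp len 20 48 -S IN
Jan 29 02:40:01 m0n0wall ipmon[85]: 02:40:01.002 sis0 @0:12 p 192.168.1.40,3310 -> 192.0.2.25,25 PR tcp len 20 48 -S IN
Jan 29 02:40:01 m0n0wall ipmon[85]: 02:40:01.410 sis0 @0:12 p 192.168.1.23,1044 -> 203.0.113.88,25 PR tcp len 20 48 -S IN
Jan 29 02:40:01 m0n0wall ipmon[85]: 02:40:01.500 sis0 @0:12 p 192.168.1.23,1042 -> 203.0.113.10,25 PR tcp len 20 540 -AP IN
Jan 29 02:40:02 m0n0wall ipmon[85]: 02:40:02.120 sis0 @0:13 p 192.168.1.77,2201 -> 198.51.100.80,80 PR tcp len 20 48 -S IN
Jan 29 02:40:02 m0n0wall ipmon[85]: 02:40:02.640 sis0 @0:12 p 192.168.1.23,1045 -> 198.51.100.200,25 PR tcp len 20 48 -S IN
Jan 29 02:41:15 m0n0wall ipmon[85]: 02:41:15.900 sis0 @0:12 p 192.168.1.40,3312 -> 192.0.2.25,25 PR tcp len 20 48 -S IN
"""

# action, "src,port -> dst,port", protocol, then TCP flags such as -S or -AP
LINE_RE = re.compile(
    r"\s(?P<action>[pb])\s+(?P<src>\d+(?:\.\d+){3}),(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+(?:\.\d+){3}),(?P<dport>\d+)\s+PR\s+tcp\b.*?-(?P<flags>[A-Z]+)\b"
)

def smtp_sources(log_text, known_relays=()):
    """Map each source IP to (new SMTP connections, distinct destinations)."""
    attempts = defaultdict(int)
    dests = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["dport"] != "25":
            continue                      # not outbound SMTP
        if m["flags"] != "S":
            continue                      # count connection openings only
        if m["dst"] in known_relays:
            continue                      # expected traffic to the usual mail relay
        attempts[m["src"]] += 1
        dests[m["src"]].add(m["dst"])
    return {ip: (attempts[ip], len(dests[ip])) for ip in attempts}

def rank(report):
    """Sources talking to the most distinct mail servers come first."""
    return sorted(report, key=lambda ip: (report[ip][1], report[ip][0]), reverse=True)

if __name__ == "__main__":
    report = smtp_sources(SAMPLE_LOG)
    for ip in rank(report):
        print(ip, "connections=%d distinct_destinations=%d" % report[ip])
```

A workstation that only relays through one mail server shows a single destination; a host contacting many different servers on port 25 in a short window is the one to inspect first.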