[ previous ] [ next ] [ threads ]
 
 From:  Dave Warren <maillist at devilsplayground dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] DNS Blacklist
 Date:  Sat, 29 Jan 2005 02:47:35 -0700
James W. McKeand wrote:

>mono at centrum dot sk wrote:
>  
>
>>Thanx,
>>but i don`t have any SMTP server on network.  Hmm, if i make rule
>>which deny SMTP, then anyone would be able to send email from theirs
>>Outlook and other mail clients??
>>    
>>
>Actually, it would prevent EVERYBODY from sending email. But, this
>would be temporary - only enable the rule while you are trying to
>pinpoint what IP is ending out SMTP traffic. You would need to tell
>all of your users that sending email is restricted. Or do it while
>outbound mail would be low - while everyone is at lunch or after
>hours.
>  
>
Why not simply create a rule that passes traffic on port 25 with logging 
enabled and log the traffic?  While shuttodnw down the spamming machine 
is obviously of the utmost importance, a machine that has been spamming 
long enough to get on SORBS probably won't do any further damage if it 
can keep broadcasting for another 5-10 minutes while you track down the 
issue.

-- 
HTML email should be treated in the same manner as sexual acts.
Only between consenting adults, in private places where willing
parties, whom agreed upon such an act BEFOREHAND, will see it.