|
||||||||
James W. McKeand wrote: >mono at centrum dot sk wrote: > > >>Thanx, >>but i don`t have any SMTP server on network. Hmm, if i make rule >>which deny SMTP, then anyone would be able to send email from theirs >>Outlook and other mail clients?? >> >> >Actually, it would prevent EVERYBODY from sending email. But, this >would be temporary - only enable the rule while you are trying to >pinpoint what IP is ending out SMTP traffic. You would need to tell >all of your users that sending email is restricted. Or do it while >outbound mail would be low - while everyone is at lunch or after >hours. > > Why not simply create a rule that passes traffic on port 25 with logging enabled and log the traffic? While shuttodnw down the spamming machine is obviously of the utmost importance, a machine that has been spamming long enough to get on SORBS probably won't do any further damage if it can keep broadcasting for another 5-10 minutes while you track down the issue. -- HTML email should be treated in the same manner as sexual acts. Only between consenting adults, in private places where willing parties, whom agreed upon such an act BEFOREHAND, will see it. |