I'm throwing this out to see if anyone has any comments. Any input would be appreciated.
This isn't a Linux problem, but I am hoping to use Linux to solve a problem.
It's like this: there is a host on the internal network (most likely a Windows virus-infected machine) spewing spam.
I think I can solve this problem by blocking all outgoing SMTP traffic except for authenticated SMTP traffic. This way, those with a legitimate reason/need to access Port 25 will be given a password and can still use it, but a virus-infected machine with its own SMTP engine will not get out of the internal network. Additionally, I would like to set up some kind of logging to help identify the culprit. Anybody have any suggestions on what firewall can help me achieve this?
And, am I correct in my belief that the zombie computer will make use of its own SMTP engine (and thus be blocked, because it will not know to authenticate), rather than hijacking and using a local mail client like Outlook or (gasp!) Outlook Express?
Any ideas or comments welcome.
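As an added example (not part of the original post), here is how the "block outbound 25 except for legitimate senders, and log the rest" idea is usually done on a Linux gateway with iptables. Note that a packet filter cannot see SMTP AUTH, so the authentication lives on the internal mail relay (clients log in to it); the firewall then only needs to let that one relay reach port 25 on the internet, and it logs and drops every other internal host that tries. The second half tallies those log lines to point at the spewing machine. The interface name (eth0), relay address (192.168.1.10) and the log lines are all assumptions constructed for the example; the rules are echoed for review unless you run with APPLY=1.

```shell
#!/bin/sh
# Added example, not from the original post: iptables egress filter for a Linux
# gateway that lets only the site's mail relay talk to port 25 on the internet,
# logs and drops every other outbound 25 attempt, plus a helper that tallies
# those log lines to find the host behind them.
# Hypothetical values (assumptions): LAN-facing interface eth0, internal mail
# relay 192.168.1.10 (where SMTP AUTH is enforced; the packet filter itself
# cannot see authentication).

LAN_IF="${LAN_IF:-eth0}"
MAIL_RELAY="${MAIL_RELAY:-192.168.1.10}"

# Echo each iptables command by default; execute it only with APPLY=1, so the
# rule set can be reviewed before it touches a live gateway.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

smtp_egress_rules() {
    run iptables -N SMTP_EGRESS 2>/dev/null
    run iptables -F SMTP_EGRESS
    # The relay may still reach the internet on 25; clients authenticate to it.
    run iptables -A SMTP_EGRESS -s "$MAIL_RELAY" -j ACCEPT
    # Everyone else: log (rate-limited so a spam engine cannot flood syslog),
    # then drop. The prefix is what the tally below keys on.
    run iptables -A SMTP_EGRESS -m limit --limit 10/min --limit-burst 20 \
        -j LOG --log-prefix "SMTP-BLOCK: "
    run iptables -A SMTP_EGRESS -j DROP
    # Divert new outbound TCP/25 connections from the LAN into the chain.
    run iptables -I FORWARD -i "$LAN_IF" -p tcp --dport 25 \
        -m conntrack --ctstate NEW -j SMTP_EGRESS
}

# Tally SMTP-BLOCK log lines by source address, busiest first ("count ip").
# Reads kernel log lines (e.g. from /var/log/kern.log) on stdin.
top_smtp_talkers() {
    grep 'SMTP-BLOCK:' \
      | sed -n 's/.*SRC=\([0-9][0-9.]*\).*/\1/p' \
      | sort | uniq -c | sort -rn \
      | awk '{ print $1, $2 }'
}

# Constructed sample log lines (not real traffic) in iptables LOG format:
# one host keeps trying port 25, another only once.
SAMPLE_LOG='Mar  3 10:01:02 gw kernel: SMTP-BLOCK: IN=eth0 OUT=eth1 SRC=192.168.1.57 DST=203.0.113.25 PROTO=TCP SPT=40112 DPT=25 SYN
Mar  3 10:01:02 gw kernel: SMTP-BLOCK: IN=eth0 OUT=eth1 SRC=192.168.1.57 DST=203.0.113.26 PROTO=TCP SPT=40113 DPT=25 SYN
Mar  3 10:01:03 gw kernel: SMTP-BLOCK: IN=eth0 OUT=eth1 SRC=192.168.1.23 DST=198.51.100.9 PROTO=TCP SPT=51000 DPT=25 SYN
Mar  3 10:01:03 gw kernel: SMTP-BLOCK: IN=eth0 OUT=eth1 SRC=192.168.1.57 DST=203.0.113.27 PROTO=TCP SPT=40114 DPT=25 SYN
Mar  3 10:01:04 gw kernel: SMTP-BLOCK: IN=eth0 OUT=eth1 SRC=192.168.1.57 DST=203.0.113.28 PROTO=TCP SPT=40115 DPT=25 SYN'

# The single busiest source in the sample: the machine to go and look at.
sample_culprit() {
    printf '%s\n' "$SAMPLE_LOG" | top_smtp_talkers | head -n 1 | cut -d' ' -f2
}

# Stand-alone demo: show the rule set, then the tally over the sample lines.
smtp_egress_rules
printf '%s\n' "$SAMPLE_LOG" | top_smtp_talkers
```

On the real box you would feed `top_smtp_talkers` from the kernel log (`grep SMTP-BLOCK /var/log/kern.log | top_smtp_talkers`), and the first line is the host to pull off the network. The rate limit on the LOG rule is deliberate: a spam engine opening hundreds of connections a minute would otherwise turn the log into its own denial of service, and you only need a handful of entries per host to identify it.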