Results 1 to 2 of 2

Thread: Spam problem on internal network

  1. #1

    Spam problem on internal network

    I'm throwing this out to see if anyone has any comments. Any input would be appreciated.

    This isn't a Linux problem, but I am hoping to use Linux to solve a problem.

    It's like this: there is a host on the internal network (most likely a Windows virus-infected machine) spewing spam.

    I think I can solve this problem by blocking all outgoing SMTP traffic except for authenticated SMTP traffic. This way, those with a legitimate reason/need to access Port 25 will be given a password and can still use it, but a virus-infected machine with its own SMTP engine will not get out of the internal network. Additionally, I would like to set up some kind of logging to help identify the culprit. Anybody have any suggestions on what firewall can help me achieve this?

    And, am I correct in my belief that the zombie computer will make use of its own SMTP engine (and thus be blocked, because it will not know to authenticate), rather than hijacking and using a local mail client like Outlook or (gasp!) Outlook Express?

    Any ideas or comments welcome.

  2. #2
    Good Guru
    Schotty's Avatar
    Join Date
    Jul 2001
    Milwaukee, WI


    Spyware and other forms of malware will generally use their own smtp server within their code. What I would do is ensure that all of the machines are clean (use adaware and spybot and whatever your AV software can do), and monitor all machines somehow. What I have done in the past is block almost everything. I allowed http, https, smtp (only on the mail server), pop, imap, and any special ports that cannot be changed for softwares (like updaters that use weird configurations). Really, though, a good firewall strategy is ideal here. Your webserver should not need http or https, nor ftp or telnet, so block that there too, regardless of whether or not the service is running.

    I found that OpenBSD can do this real well, and alot simpler to setup. I had created IP address groups that had similar priveledges and setup the DHCP server to give static IPs for specific MACs so they could have special priveledges. Then those groups get rules applied to them. Read up on pf.conf for details on the structure of the script and soforth. Iptables can do the job, but its much more of a strain (to me at least).

Similar Threads

  1. Home network DNS problem
    By jzz in forum Linux - Hardware, Networking & Security
    Replies: 3
    Last Post: 02-05-2011, 07:12 AM
  2. Network Problem
    By manishnr in forum Linux - Hardware, Networking & Security
    Replies: 6
    Last Post: 12-19-2010, 09:54 AM
  3. WindowMaker Network Problem
    By GhostDawg in forum Redhat / Fedora
    Replies: 1
    Last Post: 02-02-2008, 05:00 PM
  4. Network problem
    By toastrack in forum Linux - General Topics
    Replies: 1
    Last Post: 12-16-2006, 06:26 AM
  5. email on internal network
    By doggiebone in forum Redhat / Fedora
    Replies: 4
    Last Post: 03-03-2003, 03:07 PM


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts