dny wrote:
I want to block viruses that act as SMTP servers by themselves.
They spread without connecting to any SMTP server,
because they have a built-in SMTP engine.
How do I block this kind of mail from going out of my internet?

Create a DMZ. Place the real SMTP-server in it.
Only allow the real SMTP-server access to port 25.
Allow clients only access to the DMZ.
Install ClamAV on the mail server, so infected mails don't spread through it.
Bingo.
For bonus points, install a throttling patch on the mail server, so
that a runaway zombie in your intranet can't DoS it.
That's all.
We're an ISP and it's really a pain to try to explain to clients that
they indeed *DO* have a virus-infected PC inside and are trying to
send out viruses (which we stop).
cheers,
Rainer
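
An added example, not part of the message above: once the firewall only lets the real SMTP server use port 25, the logged denials point at the infected PCs. This sketch tallies them per internal host. It assumes a Linux netfilter LOG rule on the deny path; the `SMTP-EGRESS` prefix, the addresses and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed addressing (constructed, documentation ranges).
MAIL_SERVER = ipaddress.ip_address("192.0.2.25")  # the real SMTP server in the DMZ
DMZ_NET = ipaddress.ip_network("192.0.2.0/24")

# key=value fields as written by the netfilter LOG target.
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def parse(line):
    """Return (src, dst, dport) for a TCP log line, or None if it is not one."""
    f = dict(FIELD_RE.findall(line))
    if f.get("PROTO") != "TCP" or not f.keys() >= {"SRC", "DST", "DPT"}:
        return None
    try:
        return ipaddress.ip_address(f["SRC"]), ipaddress.ip_address(f["DST"]), int(f["DPT"])
    except ValueError:
        return None  # malformed address or port: skip rather than crash

def violates_policy(src, dst, dport):
    """True when a host other than the mail server sends SMTP outside the DMZ."""
    return dport == 25 and src != MAIL_SERVER and dst not in DMZ_NET

def suspect_hosts(lines, threshold=3):
    """Count violations per source; return sources at or above the threshold."""
    hits = Counter()
    for line in lines:
        rec = parse(line)
        if rec and violates_policy(*rec):
            hits[str(rec[0])] += 1
    return {host: n for host, n in hits.items() if n >= threshold}

# Constructed sample log lines (not from a real network).
LINE_FMT = "kernel: SMTP-EGRESS IN=eth1 OUT=eth0 SRC={} DST={} PROTO=TCP SPT=1042 DPT={} SYN"
SAMPLE_LOG = [
    LINE_FMT.format("10.0.0.17", "198.51.100.7", 25),   # client talking SMTP directly
    LINE_FMT.format("10.0.0.17", "198.51.100.9", 25),
    LINE_FMT.format("10.0.0.17", "203.0.113.40", 25),
    LINE_FMT.format("10.0.0.17", "203.0.113.41", 25),
    LINE_FMT.format("10.0.0.8", "192.0.2.25", 25),      # client to the real server: fine
    LINE_FMT.format("192.0.2.25", "203.0.113.5", 25),   # real server relaying: fine
    LINE_FMT.format("10.0.0.9", "198.51.100.7", 25),    # single attempt, below threshold
    LINE_FMT.format("10.0.0.17", "198.51.100.7", 80),   # not SMTP
    "kernel: SMTP-EGRESS SRC=not-an-ip DST=198.51.100.7 PROTO=TCP DPT=25",
]

if __name__ == "__main__":
    for host, n in sorted(suspect_hosts(SAMPLE_LOG).items()):
        print(f"{host}: {n} direct outbound SMTP attempts")
```

The threshold keeps a single misconfigured mail client from being reported alongside a host that is opening connections to many outside mail servers.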