Hi
I have the following problem: I host a group of windows servers that
run a webapp using IIS6 ASP technology. The webapp was written and is
maintained by a small private company that develops custom webapps for
companies. One of the services the webapp does is send out emails
(nothing amazing until now). The problem is that the webapp isn't
written securely. The developers keep saying the webapp is secure and
isn't the problem. Bringing someone from the outside to prove them wrong
has failed thus far. Showing logs and showing network access also proved
futile. the webapp is (ab)used by spammers to relay spam emails which
caused the webapp's IP address to be added to various spam black lists
:-( I'm sure it's the ASP is the problem because only HTTP and HTTPS are
accessible on these servers. The website itself is hidden behind a
firewall and SMTP port isn't reachable. I'm in the process of replacing
the current firewall (Microtik's RouterOS, a Linux based OS) with
OpenBSD and I thought of using spamd to block outgoing spam emails. I've
started reading about spamd and usage scenarios, but thus far only found
spamd being used on incoming emails. Did anyone use spamd to block
outgoing spam emails? Is what I want to do possible (in combination PF)?
Other solutions will also be appreciated obviously based on OpenBSD :-)
TIA
Paolo
