Only authorized users are allowed through the SMTP AUTH method. But I guess one of the remote systems infected with a virus should be spamming using the mail credentials configured by an authenticated user.

Since the spam generated is huge in number, how do I detect such abnormal traffic in the pfSense firewall and block that particular remote IP at the gateway level itself? Can I set a limit on the WAN port on incoming traffic from a particular IP address? Or can I set a rule in such a way that the remote IP will be automatically blocked in case it exceeds the pre-defined threshold in the WAN firewall rule?

When I trace my mail server logs, it looks like the remote IP is spoofed and a bogus address. So blocking that address may not be effective.

From: Evgeny Yurchenko [mailto:[email protected]]
Sent: Sunday, November 21, 2010 8:02 PM
To: [email protected]
Subject: Re: [pfSense Support] how to prevent spams

On 10-11-21 02:58 AM, Guruprasad wrote:

> I am using a pfSense firewall in my office. I have a Windows-based mail server in the LAN and all the systems in the LAN send mails through the mail server (IceWarp Merak mail server). There is no spam problem. But the moment I allow my branch office people to send/receive mails using my local mail server via my ISP-allocated static IP (this is configured in the pfSense WAN), lots of spam/viruses are being relayed through my mail server and I could see the same in my mail server log.
>
> Since many roaming users/branch office people are connected to this mail server, how do I find out which remote client is compromised and sending these spams using my internal mail server as a relay host?
>
> Secondly, is there any AV package for pfSense which can prevent SMTP, POP, FTP and SMB viruses apart from HTTP (I have installed ClamAV)?
>
> -guru

I very much hope you allow only authenticated clients to use your SMTP server to send e-mails, don't you?

Evgeny
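
An added example, not part of the original thread: one way to find which authenticated account is relaying the spam is to count recipients per SMTP AUTH account over a sliding window in the mail server log, keyed on the account rather than the source IP, since the thread notes the logged IP may be bogus. The log format, the `SMTP-SEND` tag, the field names and the thresholds are constructed for illustration and are not the IceWarp Merak format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (assumption); adapt LINE_RE to the real server log.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) SMTP-SEND "
    r"user=(?P<user>\S+) ip=(?P<ip>\S+) rcpts=(?P<rcpts>\d+)$"
)

# Constructed sample data using documentation-only addresses.
SAMPLE_LOG = """\
2010-11-21 10:00:01 SMTP-SEND user=alice@example.com ip=198.51.100.7 rcpts=1
2010-11-21 10:00:05 SMTP-SEND user=branch1@example.com ip=203.0.113.9 rcpts=15
2010-11-21 10:00:20 SMTP-SEND user=branch1@example.com ip=203.0.113.44 rcpts=15
2010-11-21 10:03:00 SMTP-SEND user=alice@example.com ip=198.51.100.7 rcpts=2
2010-11-21 10:05:00 SMTP-SEND-REJECT no auth ip=192.0.2.1
""".splitlines()


def find_abusers(lines, window=timedelta(minutes=1), max_rcpts=20):
    """Return {account: set of source IPs seen} for every account that
    exceeds max_rcpts recipients inside any sliding time window."""
    recent = defaultdict(deque)  # account -> (timestamp, rcpts) in window
    totals = defaultdict(int)    # account -> recipients currently in window
    ips = defaultdict(set)       # account -> every source IP it used
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an authenticated send record
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        user, n = m["user"].lower(), int(m["rcpts"])
        queue = recent[user]
        queue.append((ts, n))
        totals[user] += n
        ips[user].add(m["ip"])
        # Drop entries that have fallen out of the window.
        while queue and ts - queue[0][0] > window:
            totals[user] -= queue.popleft()[1]
        if totals[user] > max_rcpts:
            flagged[user] = ips[user]
    return flagged


if __name__ == "__main__":
    for account, sources in find_abusers(SAMPLE_LOG).items():
        print(account, sorted(sources))
```

An account flagged this way can have its password reset or be disabled on the mail server, which stops the relay regardless of which address the client connects from.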
