Board: FB_security
Subject: Re: quick FW question
Origin: NCTU CSIE FreeBSD Server (Wed May 12 03:41:42 2004)
Path: ptt!FreeBSD.csie.NCTU!not-for-mail
In the immortal words of D J Hawkey Jr <[email protected]>...
> Set up the mail server as the hub for your internal network, and have
> the workstations forward mail to it. If you're running sendmail on the
> workstations, put this in their .mc file:
> define(`SMART_HOST', `smtp:mailhub.privatedomain')
> And rebuild their sendmail.cf (I use the same .mc file for all U**X
> boxen on my network, except for the mail hub). Basically, just point
> all internal boxen's mailers to the hub.
I'm using Exim, and I already have this part working (smart host)
> My mail hub, in turn, defines SMART_HOST to be my ISP's mail cluster,
> and I define MASQUERADE_AS to be my ISP's domain (I use the feature
> masquerade_envelope, too). You might not be able to do this, of
> course, it'll depend on your connectivity.
Not really required for this particular setup.
> You'll need an MX record set up for the mail hub in your DNS.
Got one :)
> Given the above approach, the only thing I have in my firewall for
> SMTP is a rule for stateful outbound on ports 25 and 995 (I use SSL-
> enabled POP3 to download incoming mail from my ISP's mail cluster).
Hmmm, that doesn't really solve my problem, but it's useful to have in
the archives anyhow.
What I want to do is grab any outgoing packets bound for a port 25 and
redirect them back to the local mailserver which has spam/virus
filtering. This should eliminate problems of viruses/trojans which use
their own internal smtp servers to propagate themselves, coming from
this network.
The reason for this approach is the domain in question being RBL'd a
couple of days ago after one of the machines in this network had a
virus (actually a couple of thousand of various types).
Cheers
Tim
--
Tim Aslat <[email protected]>
Spyderweb Consulting
http://www.spyderweb.com.au
Phone: +61 0401088479
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
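
The redirect described in the message above, sketched as a pf.conf fragment. This is an added example, not part of the original post or thread. It assumes pf is the packet filter in use (the post does not name one), that the filtering MTA runs on the gateway itself and listens on 127.0.0.1, and that the interface names and addresses are placeholders.

```conf
# /etc/pf.conf fragment (added example; all names and addresses are assumed)
ext_if  = "fxp0"            # assumed: Internet-facing interface
int_if  = "fxp1"            # assumed: LAN-facing interface
int_net = "192.168.1.0/24"  # assumed: internal network

# Translation rules must come before filter rules in pf.conf.
nat on $ext_if inet from $int_net to any -> ($ext_if)

# Any LAN host opening a connection to port 25 outside the LAN is handed
# to the MTA on this gateway instead. Mail sent deliberately to the hub's
# own LAN address is not matched, because that address is inside $int_net.
rdr on $int_if inet proto tcp from $int_net to ! $int_net port 25 \
    -> 127.0.0.1 port 25

# Filter rules see the translated destination, so connections arriving on
# the LAN interface for 127.0.0.1:25 are exactly the redirected ones.
# Logging them (pflog0) shows which workstations tried to reach an outside
# SMTP server directly, which is how an infected machine stands out.
pass in log on $int_if inet proto tcp from $int_net to 127.0.0.1 port 25 \
    flags S/SA keep state
```

The MTA's relay policy still decides what happens to redirected mail, so the spam/virus filtering has to apply to connections accepted on 127.0.0.1 as well as on the LAN address.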