[Techtalk] stopping outgoing virus mail
Brenda Bell
k15a-list-linuxchix at theotherbell.com
Mon Mar 17 20:06:06 EST 2003
Quoting Carla Schroder <carla at bratgrrl.com>:
> I'm trying to figure out a way to block outgoing email generated by
> a virus.
> The idea is to stop it before it gets out into the world, and log
> the
> activity for when the admin arrives to work refreshed and alert
> after an
> unbroken night's sleep.
>
> I don't even know if it's possible, anyone have any brilliant
> ideas? The usual
> virus-scanners check both incoming and outgoing mail, I'm looking
> for a way
> to do it with iptables rules or procmail something similar. Don't
> even let it
> past the firewall. Seems like there ought to be something to base a
> generic
> ruleset on.
I may be misunderstanding what you're looking for. Are you saying
that your outbound email passes through the firewall before being
processed by your SMTP server? If that's the case, you might want to
consider running a simple scan-and-forward mail solution inside the
firewall. qmail and Vexira MailArmor would do this... since Vexira
MailArmor is an SMTP listener, you might be able to get away with just
MailArmor.
--
Brenda
http://opensource.theotherbell.com
More information about the Techtalk
mailing list