On February 16, 2005 12:13 pm, vaida bogdan wrote:
> Hi, I use postfix+mailscanner on my mail server to block a lot of
> virii coming from my internal network. I would like to implement a
> solution to block virii traffic on the internal gateway. The network
> looks like this:

> WIN-
> WIN-   ----GW1-----   -----MAIL SERVER-----   -----GW2----
> WIN-

Install Postfix on GW1.  Configure it to use MAIL SERVER as the
relay_host.  Add packet filter rules to redirect all outgoing port 25
traffic to this instance of Postfix.

You now have a complete audit trail of every mail message leaving your 
network.

Go through the logs on the MAIL SERVER to find out which message is 
infected.  Trace that message back to GW1.  In the logs on GW1 will be 
the IP of the infected station.

This is the setup we use.  Each school has a firewall that does NAT.  On 
the firewall is a very basic Postfix install that relays all messages 
through our main mail server.  This lets us trace back infected 
messages to the source computer, which has a private IP address.  Quite 
handy.  Not fully automated, but it works.

-- 
Freddie Cash, CCNT CCLP        Helpdesk / Network Support Tech.
School District 73             (250) 377-HELP [377-4357]
[EMAIL PROTECTED]
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
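
The trace-back described in the reply above, as an added example that is not part of the original post: given the queue ID or Message-ID of the infected message from the MAIL SERVER log, it finds the matching entry in GW1's Postfix log and returns the internal client IP. The log lines are constructed samples, the function names are hypothetical, and classic short hexadecimal queue IDs are assumed.

```python
import re

# Constructed sample of GW1's Postfix log; hosts, addresses and IDs are made up.
GW1_LOG = """\
Feb 16 12:01:02 gw1 postfix/smtpd[1234]: 3F2A01B4C1: client=unknown[192.168.1.57]
Feb 16 12:01:02 gw1 postfix/cleanup[1236]: 3F2A01B4C1: message-id=<20050216.a1@ws57.example>
Feb 16 12:01:03 gw1 postfix/smtp[1240]: 3F2A01B4C1: to=<bob@example.net>, relay=mail.example.org[10.0.0.5]:25, delay=1, status=sent (250 Ok: queued as 9A1B2C3D4E)
Feb 16 12:02:10 gw1 postfix/smtpd[1234]: 7C0DE11AA2: client=unknown[192.168.1.80]
Feb 16 12:02:10 gw1 postfix/cleanup[1236]: 7C0DE11AA2: message-id=<20050216.b2@ws80.example>
Feb 16 12:02:11 gw1 postfix/smtp[1240]: 7C0DE11AA2: to=<amy@example.net>, relay=mail.example.org[10.0.0.5]:25, delay=1, status=sent (250 Ok: queued as 5E6F708192)
"""

# Assumes standard syslog-format Postfix lines with short hexadecimal queue IDs.
LINE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]+): (.*)$")
FIELDS = {
    "client_ip": re.compile(r"client=[^\[]*\[([^\]]+)\]"),    # logged by smtpd
    "message_id": re.compile(r"message-id=(<[^>]*>)"),        # logged by cleanup
    "upstream_qid": re.compile(r"queued as ([0-9A-F]+)"),     # MAIL SERVER's queue ID
}

def index_gateway_log(text):
    """Collect client IP, Message-ID and upstream queue ID per GW1 queue ID."""
    records = {}
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # connect/disconnect and other lines without a queue ID
        qid, rest = m.groups()
        rec = records.setdefault(qid, dict.fromkeys(FIELDS))
        for name, pattern in FIELDS.items():
            found = pattern.search(rest)
            if found:
                rec[name] = found.group(1)
    return records

def trace_sender(text, upstream_qid=None, message_id=None):
    """Return (gw1_queue_id, client_ip) pairs for mail matching either identifier
    taken from the MAIL SERVER log entry of the infected message."""
    hits = []
    for qid, rec in index_gateway_log(text).items():
        if (upstream_qid and rec["upstream_qid"] == upstream_qid) or \
           (message_id and rec["message_id"] == message_id):
            hits.append((qid, rec["client_ip"]))
    return hits

if __name__ == "__main__":
    print(trace_sender(GW1_LOG, upstream_qid="9A1B2C3D4E"))
```

Matching on the upstream queue ID is the more reliable of the two lookups, since the Message-ID header is supplied by the sending station and may be duplicated or forged.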
