On Wed, Sep 27, 2000 at 03:15:14PM -0300, Daniel Augusto Fernandes wrote:
> "Ihnen, David" wrote:
> >
> > > -----Original Message-----
> > > From: Daniel Augusto Fernandes [mailto:[EMAIL PROTECTED]]
> > >
> > > Dave Sill wrote:
> > > >
> > > > "Gustavo Zambon Rozatti" <[EMAIL PROTECTED]> wrote:
> > > >
> > > > > I have more than 500 users in a qmail server, wich are
> > > > > conected to Internet and to our Intranet, but not
> > > all of them
> > > > > can have Internet access. So how can I prevent some users
> > > > > from sending and receveing any mail to/from any host other
> > > > > then localhost?
> > > >
> > > > It's not easy. To do it right, you'd have to run all your
> > > mail through
> > > > a general filter (see qmail.faqts.com or possibly modify a spam
> > > > filter).
> > >
> > > What about a simple single firewall on that machine?
> >
> > How would that work? What rules?
> >
>
> Well, he could set up two smtp servers in his net. One for users who are
> allowed to send extern mail and other for those who are not allowed. The
> first one should use SMTP-AUTH as in:
> http://members.elysium.pl/brush/qmail-smtpd-auth/
>
> So, if one annoying user change his smtp server config in the MUA he
> would have to authenticate.
>
> Then, he would have a firewall to deny port 25 packets from the second
> smtp server to the internet and allow it from the first server.
>
> Is this all ok?
Well it depends a lot on his setup. First off, he didn't particularly say
that all the users came in via smtp. Maybe they have shell access?
Second. The address allocation may be via DHCP or somesuch that is
not within his control.
Third. The users may use shared PCs.
Fourth. He may not have the ability to put a firewall on his machine.
I think that's why Dave said it's difficult as each avenue of entry
has to be addressed. That's not to say your idea wont work, but we need
to know the full situation - which hasn't been stated.
Regards.
