[Snort-sigs] email spammer sigs?
mkettler at ...189...
Tue Dec 2 13:53:08 EST 2003
At 03:57 PM 12/2/2003, Jason Haar wrote:
>What you need to do (IMHO) is to policy route all Internet-bound TCP
>port 25 traffic to your own mail server(s), upon which you virus/SPAM
>scan. That way you catch it all.
That's pretty much exactly what I do here...
It's also quite effective at preventing the embarrassing situation of
having to apologize to another admin when one of your users gets a virus on
his machine and it starts spewing viruses...
If your firewall is set up right, all outbound mail can only go via the
outbound MX, which virus scans everything. They can't directly deliver, and
if your scanner is up-to-date, it will catch the outbound viruses and
quarantine them as they pass through the outbound MX.
>There are several products to do this, some commercial, and OS ones like
>Qmail-Scanner (ahem), MailScanner and amavis - all of which do both
>virus and spam scanning.
Yep, and they all work well.. I use MailScanner here.
More information about the Snort-sigs