(no subject)

[Rick Cooper]

----Original Message----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jose
Nathaniel Nengasca Sent: Sunday, November 29, 2009 9:11 PM To:
mailscanner at lists.mailscanner.info Subject: (no subject)

> Hi,
> 
> 
> 
> Is there any solution (aside from formatting 1000 windows workstations)
> that 
> can stop worms from using my mail server? It is sending email using
> ambiguous email addresses like alsdfjasdfj at mydomain.com to AOL email
> servers.  Can Mailscanner check the /etc/passwd to check if the user does
> exist before sending out email to the internet?
> 
> 
> 

Are you sure it's actually going out via the mail server? Most worms send
direct. I personally do not allow any out bound attempts to reach something
on 25, 110,143, etc to any host, other than our own servers, unless it's one
of our servers that should be sending. All users must authenticate even from
the local network. And yes that means they cannot reach legitimate mail
services with whom they may have personal access to... Tough. I let them
know if they want to track their personal mail from work they need to setup
up their mail service to forward a copy to their work address. ( and no
yahoo, gmail, hotmail/livemail and such either).

This is your mta's job, not MailScanner... Checking passwd would do no good
for me, and many others, as all of my mail accounts are virtual, there are
no users on any of our mail servers exept me. So to implement that idea MS
would pretty much have to satisy the many methods of handling users on mail
servers, from flat files to ldap.



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.