Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: ClaudioG on June 27, 2003, 07:11:51 PM
-
Hi,
History:
last worm Bugbear.B was discover from antivirus software at June 06 (i.e. Symantec June 6, Rav June 6):
but the virus come across internet PRIOR to this date, with a lot of problems....
Question:
In a network with SME enviroment as server-gateway, is a good idea block all the traffic to port 25 different from the SME local?
In other word, in the lack of virus discover, the worm can't send itself to other (no message sent out by worm SMTP server).
I am not know very well ipchains/iptables, but if someone collaborate, we can write somu rule to block every local request to :25
This can have some draw back (i.e. notebook the send to other ISP, ect.) but can reduce the run of the worms.
Any comment?
ClaudioG
-
/sbin/ipchains -A output -p tcp --dport 25 -d ! -j DENY
Sounds like a good idea to me, you're forcing your client base to only use your local SMTP server.