-
Controversial solution: Block outgoing SMTP!
Effective, but can generate complaints, administrative
headaches
-
More subtle technique: Transparent proxy on bastion host/firewall.
IP Filter (ipnat) rule:
rdr ed0 0.0.0.0/0 port smtp -> 127.0.0.1 port
smtp
-
Detection can then be done with log monitors such as
-
Sendmail "Milter" filter can also be created to watch traffic
on proxy
|