smtp(s) proxy to monitor outgoing spam

Zulakis asked:

I am looking for a smtp proxy to install on our gateway which should monitor outgoing smtp traffic to identify the source of recently occuring spam attacks from our network.

It would be enough if this could log all outgoing mails, no actual filtering must be done as I’m going to do this manually.

Also, is it possible to monitor smtps ports 465 and 587 or is it necessary to completely block these ports to stop spam?

My answer:

It’s not necessary to block port 587 to stop spam.

As for monitoring, why do you want to monitor it? Block it instead. No system on your network should be sending outgoing mail on port 25 (or 465) other than your outgoing SMTP server.

Set up your egress firewall to reject any attempts to send outgoing mail from any other host, and to log such attempts so you know where they’re coming from. This both solves the outgoing spam problem and lets you know where the problem is coming from.

See also: Fighting Spam – What can I do as an: Email Administrator, Domain Owner, or User?

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.