Create an internal SMTP relay (any Windows/Unix server will do) and block all outgoing smtp trafic to all except this server.
-----Message d'origine----- De : Angus Scott-Fleming [mailto:angu...@geoapps.com] Envoyé : 3 octobre 2011 16:42 À : NT System Admin Issues Objet : Re: Torpig/Anserin/Mebroot infection On 3 Oct 2011 at 16:14, John Aldrich wrote: > We don't have a mail server here. Our ISP hosts our email for us, so > yeah, we do allow SMTP out. I wonder if there's a way to force all > port 25 traffic to one IP in the firewall? There's usually a way to limit port-25 traffic to only one IP. It won't force the traffic (redirect it), but it will prevent infected machines from sending to port 25 elsewhere. -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 Security Blog: http://geoapps.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Mise en garde concernant la confidentialité : Le présent message, comprenant tout fichier qui y est joint, est envoyé à l'intention exclusive de son destinataire; il est de nature confidentielle et peut constituer une information protégée par le secret professionnel. Si vous n'êtes pas le destinataire, nous vous avisons que toute impression, copie, distribution ou autre utilisation de ce message est strictement interdite. Si vous avez reçu ce courriel par erreur, veuillez en aviser immédiatement l'expéditeur par retour de courriel et supprimer le courriel. Merci! Confidentiality Warning: This message, including any attachment, is sent only for the use of the intended recipient; it is confidential and may constitute privileged information. If you are not the intended recipient, you are hereby notified that any printing, copying, distribution or other use of this message is strictly prohibited. If you have received this email in error, please notify the sender immediately by return email, and delete it. Thank you! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin