Marc Perkel wrote:

This would isolate viruses, and if you can create some significant isolation then the bot armies die out. Viruses are something that can be beaten.


And as people have been pointing out to you, this won't defeat the viruses.


1) Some viruses already know they can put their outbound messages into the Outlook outbound folder.

2) Viruses can/will adapt by figuring out how to leverage stored SMTP-AUTH configurations. They can probably pick 3 or 4 implementations to target (Outlook, Thunderbird, Mail, and Eudora) and still be incredibly effective.

3) This doesn't stop a virus on a laptop from still hitting port 25 on your server, or on other people's servers, when they are roaming away from your controlled networks.

4) And then there's all of those mail servers that run on port 2525 to get around these kinds of restrictions. And if you block 2525, they'll find a new one to use.


If what you want is to keep inside IPs from talking to remote SMTP ports (which is different from saying you want to keep customers from talking to port 25), then you're going to need to put up a protocol filtering firewall that looks at each session to figure out if any of them conform to the SMTP protocol (no matter what port it's on) and then interrupts the connection when it finds one. Or, you could have it proxy the connection to your own SMTP server.

If you want to stop viruses, then you need to run a virus and/or attachment scanner on all of the traffic you're concerned about, no matter what its end points are.


The things you're talking about really address the former (and in a poor fashion), and don't really address the latter ... yet you're doing it under the guise of the latter.
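
The port-independent check described in the reply above, as an added example that is not part of the original message: it classifies a session by its opening exchange rather than by its port. The session data, host names and function names are constructed for illustration, and payloads are assumed to be reassembled on line boundaries.

```python
import re

# SMTP reply line (RFC 5321): 3-digit code, then ' ' (final line) or '-' (continuation).
REPLY = re.compile(rb"^([2-5]\d\d)([ -].*)?$")

def lines(segments, direction):
    """Yield non-empty CRLF-terminated lines sent in one direction."""
    for d, payload in segments:
        if d == direction:
            yield from (l for l in payload.split(b"\r\n") if l)

def looks_like_smtp(segments):
    """segments: ordered (direction, payload) pairs of one reassembled TCP
    session; 'S' = server to client, 'C' = client to server. The port is
    deliberately not an input."""
    if not segments or segments[0][0] != "S":
        return False                      # an SMTP server speaks first
    greeted = False
    for line in lines(segments, "S"):
        m = REPLY.match(line)
        if not m or m.group(1) != b"220":
            return False                  # opening reply must be a 220 greeting
        if line[3:4] != b"-":             # final line of a (multi-line) greeting
            greeted = True
            break
    first = next(lines(segments, "C"), None)
    if not greeted or first is None:
        return False
    verb, _, arg = first.partition(b" ")
    # FTP also greets with 220, so the client's opener decides it.
    return verb.upper() in (b"HELO", b"EHLO") and bool(arg.strip())

# Constructed sample sessions, keyed by destination port (all values invented).
SESSIONS = {
    2525: [("S", b"220 mx.example.net ESMTP\r\n"),
           ("C", b"EHLO laptop.example.org\r\n"),
           ("S", b"250-mx.example.net\r\n250 PIPELINING\r\n")],
    8025: [("S", b"220-mx.example.net\r\n220 ready\r\n"),
           ("C", b"helo host.example.org\r\n")],
    25:   [("C", b"GET / HTTP/1.1\r\nHost: example.net\r\n\r\n")],
    21:   [("S", b"220 FTP server ready\r\n"),
           ("C", b"USER anonymous\r\n")],
}

def smtp_ports(sessions):
    """Return the ports whose session conforms to SMTP, for the firewall to act on."""
    return sorted(p for p, segs in sessions.items() if looks_like_smtp(segs))

if __name__ == "__main__":
    print(smtp_ports(SESSIONS))
```

A session that is TLS from its first byte carries no cleartext greeting for this check to match.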







