Administering Mail and Messaging

Email spam detection method for ISPs

A problem for companies and ISPs (many companies act as ISPs for their employees) is that a customer might use company resources to generate spam.

If company policy prohibits this (not all do), then the following mechanism will aid in the detection of spam generation from your site.

We recommend the use of a TCP/IP filter (firewall) mechanism, either the one available in your router or, if you are not using a router, UnixWare's built-in firewall mechanism.

The strategy is as follows: typically, client machines connect to the ISP network via a dialup or other telecommunications mechanism. Mail clients then connect to a single mail server machine, deliver their mail to that machine, and let the server forward the mail to its final destination.

Spammers, on the other hand, often connect through the network to a remote machine somewhere on the Internet (on port 25, the SMTP port). They then use the SMTP protocol to forge mail so that it appears to have come from the remote Internet server.

To prevent this type of activity, we recommend that you enable packet filtering on port 25 so that clients cannot connect to port 25 (SMTP) on hosts outside your domain. This forces all clients to submit mail to the internal mail server for forwarding out onto the Internet.

All outgoing mail must then go through your mail server, where the mail traffic can be logged, intercepted, and dealt with under whatever policy you have in force. This strategy also limits forgery: the mail will be visible as coming from your domain. Forgery of the originating user is still possible, but the mail server's logging features will reveal the IP address of the originating spammer.

If you are using a router as your firewall, we highly recommend that you set up packet filtering so that only your mail server is allowed to connect to port 25 outside your domain.

If you are using a UnixWare machine as your firewall, use the built-in firewall mechanism to disable outgoing port 25 connections from all machines except the mail server. In smaller configurations the mail server and the Internet gateway machine will be the same.

See ``Configuring packet filters and TCP Wrappers'' for details of the built-in firewall mechanism. A possible filter component is:

    !(dst port smtp and \
    ! host mail.server)

You can also use the Packet Filter Manager in scoadmin(1M) to update filters.

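The following is an added example (not part of the UnixWare documentation or its packet filter) that models the policy above in Python: it evaluates the filter component `!(dst port smtp and ! host mail.server)` against connection tuples, and scans a constructed connection log for internal hosts attempting direct outbound SMTP, which is the detection step the text describes. The mail server address, the internal network and the log records are assumed values chosen for the example.

```python
import ipaddress

# Assumed values for this example (not taken from the page): the site's
# "mail.server" address and the internal network behind the firewall.
MAIL_SERVER = "192.0.2.10"
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")
SMTP_PORT = 25


def smtp_filter_allows(src, dst, dport):
    """Evaluate the page's filter component for one packet.

    Mirrors !(dst port smtp and ! host mail.server): a packet passes unless
    it is destined for port 25 and neither endpoint is the mail server.
    Clients may therefore still submit to the internal mail server, and the
    mail server may still relay out to the Internet.
    """
    to_smtp = dport == SMTP_PORT
    involves_mail_server = MAIL_SERVER in (src, dst)
    return not (to_smtp and not involves_mail_server)


def find_direct_smtp_attempts(records):
    """Return (src, dst) pairs where an internal host other than the mail
    server tried to reach port 25 on a host outside the domain.

    This is the traffic the filter drops; reviewing it is how an ISP spots
    a customer bypassing the mail server to generate spam.
    """
    findings = []
    for src, dst, dport in records:
        if (dport == SMTP_PORT
                and src != MAIL_SERVER
                and ipaddress.ip_address(src) in INTERNAL_NET
                and ipaddress.ip_address(dst) not in INTERNAL_NET):
            findings.append((src, dst))
    return findings


# Constructed connection log: (source, destination, destination port).
SAMPLE_CONNECTIONS = [
    ("192.0.2.55", "192.0.2.10", 25),    # client submitting to the mail server
    ("192.0.2.10", "198.51.100.7", 25),  # mail server relaying to the Internet
    ("192.0.2.55", "198.51.100.7", 25),  # client talking SMTP to a remote host
    ("192.0.2.55", "198.51.100.7", 80),  # ordinary web traffic, unaffected
]

if __name__ == "__main__":
    for src, dst, dport in SAMPLE_CONNECTIONS:
        verdict = "pass" if smtp_filter_allows(src, dst, dport) else "drop"
        print(f"{src} -> {dst}:{dport}  {verdict}")
    print("direct SMTP attempts:", find_direct_smtp_attempts(SAMPLE_CONNECTIONS))
```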
© 1999 The Santa Cruz Operation, Inc. All rights reserved.
UnixWare 7 Release 7.1.1 - 5 November 1999