SMTP Monitoring / Blacklisting
I get blacklisted every now and then; when a computer gets infected and starts spamming. I would like to be able block an internal IP if its SMTP traffic exceeds a limit in a certain amount of time. Or is there some other way I could go about not getting blacklisted.
The best way to do it. Is create an SMTP server onsite and get all the machines to relay off that. Or even with MS exchange. Then create a rule to only allow SMTP out by that server. Then even if the others get effected Pfsense will block them, and you can be notified if an attempt has been made.
one quick thing! A good Free SMTP product i use is Hmail! Works wonders!
so you allow your machines to talk outbound on 25?? Or do you mean your clients use your smtp server to send the spam? And your smtp server is actually sending the spam sent by a user machine?
Not sure why anyone would allow client machines to talk directly outbound on 25.