But, instead of trying to harden your sendmail you should spend the time to switch to another MTA. I decided for postfix, but e.g. exim may be a good choice, too (it has excellent documentation).
Quit telling the guy to switch MTA's, for God's sake. Fix his problem... *then* when we've got him out of the fire, you can tell him that you think $MAILSERVER would be better for him. But right now, let's fix his system!
> One thing I did notice after reading this reply is yes, I can set up a
> external SMTP on a Windows machine and go through my firewall and connect
> to it, but the internal machines are all using my SMPT server, there are
> only 8 internal machines so it was easy to check. I dont think that is how
> the SPAM got out, I trust these users.
There are a lot newer viruses around which have their own SMTP functionality! They don't use your email program's configuration or SMTP function. They have their own and it is sufficient if the firewall lets pass SMTP communication. You should immediately reconfigure the firewall to block port 25.
This is mostly correct. If all those users are supposed to use your SMTP server, then set up your firewall accordingly. I do not suggest blocking 25 outbound, but rather *redirecting* tcp/25 to your mail server. That way, *any* attempts to connect to an SMTP server will be redirected to yours. And if one of your Windows users does have a worm, it'll be unable to talk to the outside but you will see it's attempts in your maillog.
Much better this way: you get better problem warning and control, the users get full functionality, the virii get stopped, and outside systems never get bothered.
-- Rodolfo J. Paiz rpaiz@xxxxxxxxxxxxxx http://www.simpaticus.com
