On Tue, 2005-08-09 at 20:30, AragonX wrote: > <quote who="Scot L. Harris"> > We have a great acceptable usage policy. The problem is, management is > hesitant to enforce it. They want concrete proof that the persons who's > computers are constantly being infected is being done by the person the > computer is assigned to. > > We are using Sendmail and procmail for our mail system. Squirrelmail uses > imap, I don't know if that makes tracking where the email was sent from > easier or harder? > Then you should be able to use something like milter-bcc to get copies of any messages sent through your MTA. As I mentioned previously users can circumvent your MTA by a variety of methods. You can block SMTP going out of your network except for your MTA server. But it becomes more difficult to block users from using other email systems such as gmail or hotmail to get thing sent from inside your network. The use of anonymous proxies is just one way. You will also need to block ssh tunneling and similar methods from originating from within your intranet. Of course it is a good idea to block all outbound protocols/ports except for those you need for business.