Sorry if this is a FAQ. Recently we had someone who has been using
our gateway as his forwarder for bogus email. Basically he telnet
to port 25 on our gateway. Management is making a big deal out of
this and want it block. I have been following the discussion with
regard to email from firewall and using router, etc.
It isn't completely clear to me what the problem is. Is it someone
presumed to be on the inside sending mail to the inside? The wrapper
daemons will help. So, for that matter, will looking carefully at the
timestamps in the logfiles, especially if your machines run NTP.
Is it someone on the outside using your site to send bogus mail to
other folks on the outside? Depending on your mailer, you may be
able to configure it to disallow pass-through, third-party, mail, though
that means you can run simple-minded mailing lists.