kuchnaheen
forcing a certain mail server to default?

hello all here!

I am a C++ programmer and a very newbie to this section... so I'm expecting fatherly behaviour ;)

Okay, I want to make, say, the abc.net mail domain the only mail server that can be used to send mail from a certain machine. How can I achieve that...

I don't know if this question is easy or difficult, as I am a real newbie to this domain...

I also need advice on how to work in security... I am sorry for sounding so foolish, but I want to work and don't know anything :( Can you help me with web links or with some book titles...

Regards
__A
chris_calabrese

Unless you control all the software and hardware on the machine, it's probably going to be impossible to enforce this at the client side.

You can probably enforce it at the mail-server side, but how to do it depends greatly on which mail server software you're using.
kuchnaheen (ASKER)

I have full control over hardware and software... with which mail server software can I achieve that... can some firewall do this for me????
Well, certainly you can tell your firewall to only allow outgoing SMTP connections to certain addresses.  That should be easy enough.  Mind you, this will be for the entire enterprise, though.

If you're doing this for a largish organization, it sounds like you should pull in help from the e-mail and/or security groups.
ASKER CERTIFIED SOLUTION
FlamingSword
Agreed.  There will be ways around this type of stuff unless 1) you make it extremely restrictive and 2) you spend a lot of time and/or money making it so.
Okay... one step ahead.

Can I log all mails that are going out of my machine... ALL means EVERYTHING: Yahoo, Hotmail, blah blah...
Sure.  You _can_ log anything you like, including capturing every packet going in or out of the system.  Whether it will be useful is a different story..

1.  The volume may be way too high to analyze it in any meaningful way.

2.  Unless you can show that you're doing this to protect the security of the computer systems involved, you may be in criminal violation of US anti-wiretapping laws (assuming you're doing this in the US).
ditto.
Except, I think you'll be OK to temporarily retain copies of all messages, for purposes of debugging, identifying hijackers and spoofers, and any attempts to misuse your site, along with the traditional ensuring that the (known good) mail flows properly.  What causes problems is becoming too much of a voyeur, intruding into the lives of others -- a definite no-no; as well as finding cans for all them trivial bits. Don't volunteer to help anyone resend. Make 'em maintain their own backups if they want that capability.
In some cases, you can run SSL for improving security. Try HTTPS for web, such as for logons. PGP for EMs
> I also need advise to how to work in security...

a lot of security is stuck in simply administering IDs and passwords. How droll. Then there's the constant upgrades. Basically Admin talk. (assuming you don't mean to be a paper-pusher just writing up regulations about building entry).

For technical mumbo jumbo, try the acronyms of my prior comment, using any search technique you want. Add another: DMZ. Another: RSA (re-check out the number of bits; it's in the news again).  That should keep you well occupied for quite some time. If you are good.
First point:
If you need to force the use of a certain mail server only, just allow outbound port 25 requests only from those servers. Run a proxy based firewall, not a packet filter. This will force SMTP to work only over port 25 and prevent the use of SMTP servers running over port 80/110.....
Block port 80 (you really don't want to allow webmail, do you?).

To make your life simpler: Say why you want to force the use of that particular SMTP server, and we might be able to give you an easier solution.
For instance, the ISP I work at has a policy of not allowing the use of any SMTP server other than ours. This is only so that we have logs in case of spam abuse complaints. The only other requirements we have are that a valid (resolvable) domain be used.

This is enforced primarily by an Acceptable Use Policy and technically by blocking outbound port 25 for everything except our mail servers.

The second point:
Are you asking from an administrative point of view, or from the programmer's point of view? Note that there is a massive overlap between the two in security matters.

I would suggest looking at http://www.securityfocus.com as a starting point for this endeavour. D. Wheeler has an online secure programming howto.
Read everything you can on security. http://www.sans.org is another good place to look at. http://www.google.com will be your best friend.

And, no: security is not simply stuck in administering IDs and passwords (even if it is often implemented that way).

Security is a process, not a product. When coding, think of every way in which your code could be abused. "No one will ever do that" is never a valid answer. Catch your exceptions. Handle input carefully. Make sure it is clean input and sanitize it, if necessary. Know your language, and understand it. Know the limitations of your tools and work within those.
Choose the right language for the right job.
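The egress rule described in the two posts above (allow outbound SMTP only to the organisation's own relay, and log everything else so the policy can be enforced) as an added example; this is not code from any participant in the thread. The relay address, the ports and the log lines are constructed for the example, and the log format mimics a netfilter LOG line.

```python
"""Egress mail-relay policy: flag outbound SMTP connections that bypass
the approved relay, and render the same policy as nftables rules."""
import re

# Assumed policy values (constructed for this example).
ALLOWED_RELAYS = {"192.0.2.25"}      # the organisation's own SMTP relay
SMTP_PORTS = {25, 465, 587}          # SMTP and submission ports the policy covers

# Constructed netfilter-style LOG lines; not taken from any real system.
SAMPLE_LOG = """\
kernel: EGRESS SRC=10.0.0.15 DST=192.0.2.25 PROTO=TCP SPT=51020 DPT=25 SYN
kernel: EGRESS SRC=10.0.0.15 DST=198.51.100.7 PROTO=TCP SPT=51021 DPT=25 SYN
kernel: EGRESS SRC=10.0.0.22 DST=203.0.113.9 PROTO=TCP SPT=40000 DPT=587 SYN
kernel: EGRESS SRC=10.0.0.22 DST=203.0.113.9 PROTO=TCP SPT=40001 DPT=443 SYN
kernel: EGRESS SRC=10.0.0.31 DST=192.0.2.25 PROTO=UDP SPT=5353 DPT=25
"""

LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=(\S+) SPT=(\d+) DPT=(\d+)")


def parse_line(line):
    """Extract the connection 5-tuple fields from one LOG line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    src, dst, proto, _spt, dpt = m.groups()
    return {"src": src, "dst": dst, "proto": proto, "dpt": int(dpt)}


def is_violation(conn):
    """True when a TCP connection targets an SMTP port on a non-approved host.
    SMTP is TCP-only, so a UDP datagram to port 25 is not a mail relay attempt."""
    return (conn["proto"] == "TCP" and conn["dpt"] in SMTP_PORTS
            and conn["dst"] not in ALLOWED_RELAYS)


def find_violations(log_text):
    """Return (src, dst, dport) for every logged connection that breaks the policy."""
    hits = []
    for line in log_text.splitlines():
        conn = parse_line(line)
        if conn and is_violation(conn):
            hits.append((conn["src"], conn["dst"], conn["dpt"]))
    return hits


def nft_rules(allowed=ALLOWED_RELAYS, ports=SMTP_PORTS):
    """Render the policy as nftables chain rules: accept approved relays,
    then log (with the prefix the parser above expects) and drop the rest."""
    port_set = "{" + ",".join(str(p) for p in sorted(ports)) + "}"
    rules = [f"ip daddr {ip} tcp dport {port_set} accept" for ip in sorted(allowed)]
    rules.append(f'tcp dport {port_set} log prefix "EGRESS " drop')
    return rules
```

Run over the sample, `find_violations` reports the two hosts talking SMTP to something other than the relay; the HTTPS and UDP lines are left alone.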
The--Captain
A lot of good concepts are expressed above, but I think FlamingSword is hitting the nail on the head - you can certainly restrict outbound SMTP traffic to a certain server, but complete outbound email restriction can only be realized if you are prepared to severely cripple the internet connectivity of such clients, since there are many protocols that can be used to access SMTP gateways (http being one of many).  I guess if you have specific secured workstations dedicated exclusively to email, then this might be feasible.  I guess this isn't too bad if you just want to set up public-access email stations - if you want the client to have more abilities than that, have fun.

Cheers,
-Jon

Well, heavy use of application layer proxies and blocking webmail can help, but since we don't know why he needs such a restriction, giving further suggestions isn't going to be beneficial.
These are generally going to be people problems, and they cannot be solved technically, but must be solved with the judicious use of AUPs and their enforcement.
Surf Control works great but it's not cheap.

http://www.surfcontrol.com/business/products/
>and blocking webmail can help

How are you proposing to do this?  Do you know of some magical way to distinguish between posting to a webmail form on a server, and posting any other kind of form content?  If you mean block port 80, just say so.

Just wondering...

Also, surfcontrol will not work for this (unless you use a whitelist, and then why buy surfcontrol at all?) - the only way is if you block all traffic other than port 25 to the proper server, or create a 'whitelist' of known servers that don't run webmail or email servers that you will allow people to talk to (which will still break, the first time someone on your whitelist decides to be an ass).

>This is enforced primarily by an Acceptable Use Policy
>and technically by blocking outbound port 25
>for everything except our mail servers

What a boneheaded policy - I'd drop your service faster than a hot potato (and maybe subscribe your admin emails to some spam lists if I was feeling particularly pissed-off that day).  What do you do about all the spammers who abuse open webmail cgis - block port 80 outbound for all users?  Sigh.

FlamingSword gets my vote.

If you want to log all email, jlevie has a pretty good discussion around here recently with someone who was asking questions along those lines.  If you want the URL I'll dig it up - I think chris knows what I'm talking about (he tried his goofy wiretap argument there, IIRC).

-Jon

If you want the ultimate solution (which I think has been mentioned or hinted at above), just make it corporate policy, log outbound connections on port 25, and make an example of some bloke who violates the policy by canning him.

You'll likely see outbound connections on port 25 drop to zero.

As far as security references, I think O'Reilly has some good ones - avoid the GIAC, unless you want to fool people into thinking you know something about security when you really just have a meaningless certification (have you *seen* the sample questions on the GIAC?  Aside from being pathetic, they constantly remind me why I refuse to be employed by corporations (consulting, on the other hand, is where it's at - set your own terms, avoid the corporate BS, and walk away with a ton of cash)).

Cheers,
-Jon


Surf Control will work for this.
Captain, I see your point. But with Surf Control you can see everything a user does, and use it to create an effective rule base.
Surfcontrol does not have any method for detecting new webmail sites.  'Nuff said.

There are similar problems with most of the technical solutions presented above.  That's why a policy-based solution, as others have mentioned, would be most effective here.

-Jon

What do you mean Surf Control doesn't have any method for detecting new webmail sites? Surf Control will let you see every site a user visits, so you can block it.
Siiiigggh - and what about new sites that you haven't entered in the database?  Do I really need to connect the dots here?

-Jon
"... also need advise to how to work in security...I am sorry for sounding so foolish, but I want to work and dont know any thing:( can u help me with web links or with some book titles ..."

The best security people are hackers at heart.  The more you know about the holes the more successful you are at filling them.  Now, that's a big area!
and now ,,,,,,,,,,,,,,,
Hey people,

No comment has been added in roughly 1 year, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question
be PAQ'd and pts be awarded to FlamingSword and SunBow.
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Zenlion420
EE Page Editor
I vote for pts to FlamingSword exclusively - if you give pts to SunBow, then I think my comments were at least as valuable, and would like some pts as well.

Cheers,
-Jon

Noted:

I'll adjust my decision to award pts to FlamingSword Exclusively. I would split three ways but it's only a 50 pt Q.  Thanks for the input.

j
Sounds great to me - Actually John, you can feel free to ignore requests for pt splits from me, given the PE benefits.

Cheers,
-Jon
EE PE (but not in this TA)

Having PE benefits doesn't mean that you shouldn't get what's coming to you.  I'm doing my best to be fair, and appreciate any, and all comments.  thanks.

j