I have the following goals:
1. Deny users on my LAN the ability to receive email from any POP mail server other than our local mail server.
2. Deny users on my LAN the ability to send email to any SMTP mail server other than our local mail server.
3. Deny users on my LAN the ability to access any webmail, such as hotmail.com, mail.yahoo.com, etc.
4. Track and provide statistical reporting on the websites which employees visit.
5. Deny users on my LAN the ability to visit certain websites.
I want to be able to achieve these goals in a way which does not require setting up restrictions on the individual workstations. I'm happy to give each user administrative privileges on his/her own workstation and don't want to stop doing that. I need to implement these restrictions at the bottleneck (server level).
I give each user two mail accounts: one for work and one for personal use, but I also ask that each user limit his/her personal email activity to a reasonable level (say... a half dozen or so a day to/from your mother, college roommate, spouse, etc.). I'm trying to deal with the employees who can't seem to resist the temptation to send/receive 40-50 personal emails a day -- every day. These are good employees whom I don't want to fire. However, if I let them all know that I can see their usage patterns, then they'll just start using outside email to circumvent. That's why I want to plug the alternative holes before I start laying down the law.
As for web addresses visited, I don't care if someone spends a reasonable amount of time at landsend.com, etc., but I need to know if they're spending 30 min a day surfing porn, playing games, etc.
We are running a Win2000 Adv. Server. We do not have a proxy server. Our router is a Netopia running Network Address Translation using a dynamic IP ADSL connection. If I have to install something (proxy, firewall?), I would lean toward a Linux-based solution.
If you need more information to make a recommendation, let me know.