The easiest way to do this is to avoid exim and use sSMTP, which is a lightweight MTA.
All you need to do is install it:
sudo apt-get install ssmtp mailutils
and configure it (edit /etc/ssmtp/ssmtp.conf) to use the Google Mail servers, like so:
# envelope address for mail from root
root=noreply@yourdomain.com
# Gmail submission port; STARTTLS upgrades the connection before login
mailhub=smtp.gmail.com:587
UseSTARTTLS=yes
UseTLS=yes
# account credentials (stored in clear text, so keep this file unreadable to other users)
AuthUser=youremail@yourdomain.com
AuthPass=password
# let the From: header in the message override the configured sender
FromLineOverride=YES
I've been using this set-up for a while now and it just works. It's also nice not to need to run exim when it's not necessary, and to let Google's mail servers handle everything for you.
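An added check, not part of the answer above: a small POSIX shell linter for an ssmtp.conf. The point it enforces is the one the config above relies on silently: AuthPass is stored in clear text, so the file must not be readable by other users, and the credentials should only ever cross the network inside TLS on a submission port. It assumes GNU stat (Linux); the config it runs against is a constructed copy of the one above with a placeholder password.

```shell
#!/bin/sh
# Added example (not from the original answer): lint an ssmtp.conf before
# relying on it. AuthPass is stored in clear text, so the file must not be
# readable by other users, and the password should only ever cross the
# network inside TLS. Assumes GNU stat (Linux); the sample config below
# is constructed with a placeholder password.

# conf_value FILE KEY -> value of KEY (key match is case-insensitive, last one wins)
conf_value() {
    grep -i "^[[:space:]]*$2[[:space:]]*=" "$1" | tail -n 1 \
        | cut -d= -f2- | tr -d '[:space:]'
}

# check_ssmtp_conf FILE -> one line per finding on stdout; returns 0 when clean
check_ssmtp_conf() {
    conf="$1"
    findings=0

    # Last octal digit is "other": any bit there lets every local user read AuthPass.
    mode=$(stat -c %a "$conf")
    case "$mode" in
        *[1-7]) echo "$conf: mode $mode is readable by other users, but AuthPass is plain text"
                findings=$((findings + 1)) ;;
    esac

    # Credentials must be protected by TLS (STARTTLS on 587 or implicit TLS on 465).
    tls_on=no
    for v in "$(conf_value "$conf" UseTLS)" "$(conf_value "$conf" UseSTARTTLS)"; do
        case "$v" in [Yy][Ee][Ss]) tls_on=yes ;; esac
    done
    if [ -n "$(conf_value "$conf" AuthPass)" ] && [ "$tls_on" = no ]; then
        echo "$conf: AuthPass is set but neither UseTLS nor UseSTARTTLS is yes"
        findings=$((findings + 1))
    fi

    # Port 25 is for server-to-server relay; submission with a login belongs on 587/465.
    hub=$(conf_value "$conf" mailhub)
    case "$hub" in
        *:587|*:465) ;;
        *) echo "$conf: mailhub '$hub' is not on a submission port (587 or 465)"
           findings=$((findings + 1)) ;;
    esac

    [ "$findings" -eq 0 ]
}

# --- demo on a constructed copy of the config from the answer ---
demo=$(mktemp)
cat > "$demo" <<'EOF'
root=noreply@yourdomain.com
mailhub=smtp.gmail.com:587
UseSTARTTLS=yes
UseTLS=yes
AuthUser=youremail@yourdomain.com
AuthPass=password
FromLineOverride=YES
EOF
chmod 644 "$demo"   # what a default umask gives you: world-readable
check_ssmtp_conf "$demo" || echo "-> fix the findings above before using this file"
chmod 600 "$demo"   # readable by the owner only
check_ssmtp_conf "$demo" && echo "$demo: no findings"
rm -f "$demo"
```

Run it as `check_ssmtp_conf /etc/ssmtp/ssmtp.conf` after editing the real file; a non-zero exit means at least one finding was printed.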
I'm not sure if I fully understand the question, with the part about providers permitting sending mail to the Internet without authorization. If you mean Internet users using the server to send to other Internet users, that's bad. It would be considered an open relay and yes, you'd most likely get filtered by other ISPs.
If you mean your internal users sending to the Internet, it's not necessarily bad; it's just a policy decision. You can do that by securing the server to only relay mail for your IP ranges.
We aren't an ISP, but I have worked with them. While there, we only allowed sending from our own IP range, and if you were outside the network you had to authorize to the mail server to send messages and/or use the web interface to use email.
Mail servers were throttled in how much they could send per message so people couldn't email huge attachments.
The mail server was monitored for unusual traffic spikes...no home user should be sending a constant stream of mail.
The router locked out port 25 for any server that wasn't designated as the mail server, so home users couldn't run their own mail servers.
Filtering outgoing mail with something like bayesian filtering can be a pain in that false positives create a bad user experience. Users don't like it when their webbertubes act like magic and that magic won't work for them, especially if it fails seemingly at random. Your tech support won't appreciate the angry calls either. Or you may lose users who just get fed up if they have a bad experience with things "just not working" (unless these are people you want off your network, I don't know).
In general you want to prevent unauthorized access to your server. SMTP authorization can be somewhat annoying for the users to set up, but it usually isn't too bad. Beyond that, locking it down to whitelisting your own IPs for relay and limiting message size should be fine. You may or may not want to also add a block on sending executable attachments (bat, pif, exe, com...), but that's a policy decision.
Either way, you need to make it clear on your website and in the instructions for home users how and what is allowed for your mail server. You'll still get the phone calls about why something didn't work or what a bounce message means, since users usually can't read the message with "attachment too large" written in it, but the slightly more tech-savvy will appreciate the ability to look up your policies and errors without dealing with your help line.
Best Answer
tcpdump is a useful tool for dumping packets off the network, either to a file or to the screen. It's generally available in the distro packaging repositories and is very well documented and tested for situations like this.
You can install tcpdump on the Ubuntu router (apt-get install tcpdump) and configure it to watch for SMTP traffic:
tcpdump -i eth0 -s0 -w /tmp/smtp_dump port 25
You can review the file for which hosts are sending SMTP traffic from another SSH session; you can get more sophisticated output if you install Wireshark on your local machine and download the dump files, or use tshark at the SSH command line.
Warning: tcpdump will fill your disk in quick time if you have a lot of SMTP traffic, so review the output file (ls -lh /tmp/smtp_dump) and stop the command with Ctrl-C when you have a few MB of data to look at.
Interface options to tcpdump (-i eth0): if your router uses a different interface than eth0, then you might have to select it with the -i option, e.g. tcpdump -i bond0 -s0 -w /tmp/smtp_dump port 25
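An added example, not part of the answer above: once you have a dump, the question is which hosts are opening SMTP connections and how many, which is also the "unusual traffic spikes" check the earlier answer describes. This POSIX shell script works on the text form of the capture (assumed to be produced with `tcpdump -nn -r /tmp/smtp_dump 'tcp dst port 25' > /tmp/smtp_dump.txt`), counts one connection per SYN so a single chatty session is not mistaken for a spammer, and lists sources above a threshold. It handles IPv4 "IP" lines only; the capture lines at the bottom are constructed, using RFC 5737 test addresses.

```shell
#!/bin/sh
# Added example (not from the original answer): find which hosts are
# opening SMTP connections in a capture. Feed it the text form of the dump:
#     tcpdump -nn -r /tmp/smtp_dump 'tcp dst port 25' > /tmp/smtp_dump.txt
# Only IPv4 "IP" lines are handled; the sample at the bottom is constructed.

# smtp_connections TXT -> "count source_ip" per source, most active first.
# A connection is counted once, on its SYN (Flags [S]), so data packets from
# one busy session do not inflate the count; SYN-ACKs ([S.]) are the
# server's replies and are ignored.
smtp_connections() {
    awk '$2 == "IP" && $7 == "[S]," && $5 ~ /\.25:$/ {
             src = $3; sub(/\.[0-9]+$/, "", src)   # drop the source port
             n[src]++
         }
         END { for (s in n) printf "%d %s\n", n[s], s }' "$1" | sort -rn
}

# smtp_suspects TXT THRESHOLD -> sources that opened more than THRESHOLD connections
smtp_suspects() {
    smtp_connections "$1" | awk -v t="$2" '$1 > t { print $2 }'
}

# write_sample_capture FILE -> constructed tcpdump -nn output (RFC 5737 addresses):
# host .10 opens three connections to port 25, host .20 opens one, plus one to
# port 587 (submission) that must not be counted.
write_sample_capture() {
    cat > "$1" <<'EOF'
12:00:00.000001 IP 192.168.1.10.40001 > 203.0.113.5.25: Flags [S], seq 1, win 64240, length 0
12:00:00.000002 IP 203.0.113.5.25 > 192.168.1.10.40001: Flags [S.], seq 2, ack 2, win 65160, length 0
12:00:00.000003 IP 192.168.1.10.40001 > 203.0.113.5.25: Flags [P.], seq 1:20, ack 1, win 502, length 19: SMTP: EHLO client
12:00:01.000001 IP 192.168.1.10.40002 > 198.51.100.9.25: Flags [S], seq 3, win 64240, length 0
12:00:02.000001 IP 192.168.1.10.40003 > 198.51.100.9.25: Flags [S], seq 4, win 64240, length 0
12:00:03.000001 IP 192.168.1.20.50001 > 203.0.113.5.25: Flags [S], seq 5, win 64240, length 0
12:00:04.000001 IP 192.168.1.20.50002 > 203.0.113.5.587: Flags [S], seq 6, win 64240, length 0
EOF
}

# --- demo on the constructed capture ---
sample=$(mktemp)
write_sample_capture "$sample"
echo "SMTP connections per source:"
smtp_connections "$sample"
echo "sources above 2 connections:"
smtp_suspects "$sample" 2
rm -f "$sample"
```

On a real router you would run `smtp_suspects /tmp/smtp_dump.txt 50` (or whatever fits your user base) from the second SSH session while the capture is still growing; anything on the list that is not your designated mail server is a host to look at.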