You would still need netfilter to prevent other users from using the internet as a back door. For example, financial firms must log all incoming and outgoing smtp traffic. To accomplish this you need to ensure that your users cannot access external SMTP servers otherwise they could sent out unlogged messages. We have done this in the past for a few companies. This forces the user to use the sendmail server for their email. I think this is the goal of the requester.
Which is exactly what my first sentence said: "I will assume that LAN users are allowed to connect to mail server only, and not to outside world". BTW, this is something that should be done by default. Financial firm or not.
-- Aleksandar Milivojevic <amilivojevic@xxxxxx> Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
