Advertisement

05.19.2008 at 09:09AM PDT, ID: 23414204
[x]
Attachment Details

Block port 25 (outgoing mail/spam) for all machines except mail server using Watchguard System Manager and Firebox x1000

Asked by youngslim in Watchguard Firewall, Miscellaneous Security, Anti-Spam Email Software

Tags: , , , , ,

I recently had an infected system send out some spam. We've removed the system from the network and I believe that we've stopped the issue momentarily. My goal is to prevent this from happenning again. Obviously there are a lot things involved there.

One common, general piece of advice seems to be "block port 25 for all machines except your mail server". (The message id for the spam referenced the infected computer name, not the mail server, as our legitimate mail id's seem to).

So I'd like to configure (or make sure that we currenlty have) our Firebox 1000x to only allow mail to go out through our exchange server.

How do I do that? Where do I start?

My SMTP service is set to
Incoming: Enabled and Allowed From Any to 198.xxx.xxx.xxx->10.xxx.xxx.xxx (198.xxx being our external mx ip and 10.xxx being our internal Barracuda appliance)
Outgoing: Enabled and Allowed Any to Any

My filtered SMTP service is set to
Incoming: Denied From Any to Any
Outgoing: Enabled and Allowed From Any to Any

Thanks!

I relalize I have other issues to check, but this seems to be a starting place now that I've got the machine off the network and my virus scans are showing no signs of infection. (fingers crossed.)Start Free Trial
[+][-]05.19.2008 at 10:28AM PDT, ID: 21599766

View this solution now by starting your 7-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

 

About this solution

Zones: Watchguard Firewall, Miscellaneous Security, Anti-Spam Email Software
Tags: Watchguard, Watchguard System Manager, 9.1, Watchguard, Firebox x1000, Firebox x1000
Sign Up Now!
Solution Provided By: dpk_wal
Participating Experts: 1
Solution Grade: A
 
 
[+][-]05.19.2008 at 11:15AM PDT, ID: 21600143

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]05.19.2008 at 11:55AM PDT, ID: 21600500

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]05.19.2008 at 12:05PM PDT, ID: 21600592

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]05.19.2008 at 07:33PM PDT, ID: 21603225

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]05.19.2008 at 09:42PM PDT, ID: 21603538

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
 
Loading Advertisement...
20080716-EE-VQP-32 / EE_QW_2_20070628