diablo-26

asked on

How to block SMTP at the router level.


This is kind of urgent because our ISP informed me today that if we don't stop SPAM coming out of our network they will suspend our account.  That means 4 schools without internet service by the end of the week.

I have disabled all relaying on our Exchange 2003 server.  I've allowed no SMTP except from our mail server address from within our Sonic Wall 5060.

Is there a way to block all traffic outbound on port 25 except for traffic originating from our mail server, which is 10.1.1.30?

Also, does anyone know of a good sniffer to try and see where these things are being sent from?  We believe it's a virus sending mail directly from a client computer...  that is, it's not even using our mail server at all.

Anyone had a similar situation or have a good idea for this?

Thanks,

M
trenes

Hi diablo-26,

Microsoft just released a tool called NetMonitor and this is a good time to use it.
http://support.microsoft.com/kb/812953

Cheers!
regards,

Trenes
diablo-26,

I don't know anything about Sonic Walls.
But I have Juniper 5GT's configured to do the same.
I allow only from trust 10.1.1.30 to untrust ANY port 25.

Your s

cheers,

Trenes
In the SonicWall you can create a firewall access rule to block port 25 from LAN to WAN; this will stop all port 25 traffic from leaving your network.
You can then create a firewall access rule to allow port 25 from LAN to WAN to allow traffic from only 10.1.1.30 to the outside...

rvthost

>>Also does anyone know of a good sniffer to try and see where these things are being sent from?  We believe it's a virus sending mail directly from a client computer...  that is it not even using our mail server at all.


If you're not relaying, then the above is probably true.  The firewall rules as noted from the others will stop the traffic from going outside, and consequently make your ISP happy.  However, I'd still throw a sniffer on so you can find the infected client.  Wireshark (formerly Ethereal) is free:  http://www.wireshark.org/
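One way to turn such a capture into a list of suspect clients, as an added example that is not part of the original thread: it reads `tcpdump -nn` text output and reports every LAN host other than the mail server (10.1.1.30, from the question) that opens SMTP connections to the outside. The `10.0.0.0/8` LAN range, the function names and the sample lines are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

MAIL_SERVER = ipaddress.ip_address("10.1.1.30")  # mail server from the question
LAN = ipaddress.ip_network("10.0.0.0/8")         # assumption: LAN addressing plan

# Text line as printed by `tcpdump -nn` for a TCP packet:
#   <time> IP <src>.<sport> > <dst>.<dport>: Flags [S], seq ...
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def rogue_smtp_senders(lines):
    """Map each LAN client (not the mail server) to the outside hosts it
    tried to open SMTP connections to (bare SYN to port 25)."""
    hits = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["dport"] != "25" or m["flags"] != "S":
            continue  # not a new connection attempt to port 25
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if src == MAIL_SERVER or src not in LAN or dst in LAN:
            continue  # legitimate relay, or client-to-Exchange traffic
        hits[str(src)].add(str(dst))
    return dict(hits)

def rank(hits):
    """Clients ordered by number of distinct outside mail hosts contacted."""
    return sorted(hits, key=lambda ip: len(hits[ip]), reverse=True)

# Constructed sample capture (documentation address ranges), not real traffic.
SAMPLE = """\
09:14:01.100001 IP 10.1.1.30.3301 > 198.51.100.10.25: Flags [S], seq 1, length 0
09:14:01.200002 IP 10.1.4.57.1042 > 203.0.113.5.25: Flags [S], seq 2, length 0
09:14:01.300003 IP 10.1.4.57.1043 > 203.0.113.9.25: Flags [S], seq 3, length 0
09:14:01.400004 IP 10.1.4.57.1044 > 192.0.2.77.25: Flags [S], seq 4, length 0
09:14:02.000005 IP 10.1.2.12.2200 > 10.1.1.30.25: Flags [S], seq 5, length 0
09:14:02.100006 IP 10.1.3.8.4100 > 192.0.2.80.80: Flags [S], seq 6, length 0
09:14:02.200007 IP 203.0.113.5.25 > 10.1.4.57.1042: Flags [S.], seq 7, ack 3, length 0
09:14:03.000008 IP 10.1.2.99.1500 > 198.51.100.10.25: Flags [S], seq 8, length 0
""".splitlines()

if __name__ == "__main__":
    found = rogue_smtp_senders(SAMPLE)
    for ip in rank(found):
        print(f"{ip}: {len(found[ip])} outside SMTP targets")
```

Feed it the text output of `tcpdump -nn 'tcp dst port 25 and not src host 10.1.1.30'` taken on the LAN side of the firewall or on a mirrored switch port; a client contacting many distinct outside mail hosts is the one to pull off the network first.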
Keith Alabaster
www.ethereal.com, it's free and extremely useful.

Hi,

I think you can select the right documentation from this link as per your appliance:
http://www.sonicwall.com/support/documentation.html

Also, once you are sure of how to make a ruleset,
make a rule to allow port 25 traffic only from your Exchange,
make specific rules to allow the wanted traffic to pass through your firewall,
block everything else...

And Ethereal is good: http://www.wireshark.org/
ASKER CERTIFIED SOLUTION
jasonpaine