Solved

Need to shut down port 25 on user machines but not the Exchange server to stop spamming

Posted on 2007-03-20
Last Modified: 2013-12-04
I have a client that is running Small Business Server Regular Edition.  They have a Linksys BEFSR41 Router.  They are running Exchange on their Small Business Server.  I am running Trend Micro Client Server Messaging Security, which is not picking up any viruses.  The only way I know they have virus issues is that they keep getting blacklisted as spammers.  I am going to purchase a new WatchGuard router in the future, but I need to shut down port 25 for all the local machines (there are 8 of them: 6 XP Pro and 2 Windows Vista) and leave it open on the Exchange server.  I am hoping this will stop whatever machine has a virus from spamming.

My question is, how as of today can I kill the local machines from having access to port 25 while leaving the server access?  I don't think it can be done with the Linksys router.  The port filtering there seems to kill all access to port 25, including the server.  I could be wrong though.

Is there some sort of login script or just a simple configuration I could make to each machine to stop access to JUST port 25?  There are only 8 machines, so it would be no big deal to go to each of them.

I want to do this today so I can submit them to be delisted.  

Thanks
Question by:Lawot
15 Comments
 
LVL 9

Accepted Solution

by:
rpartington earned 168 total points
ID: 18756604
I would suggest you take each PC off the network one at a time and make sure they are completely virus free, and DO NOT put them back on the network until you have systematically done every one, one at a time, including the server.
Then, before putting the clients back online, I would ensure that your Exchange server is not being used as an open relay, which could be one of the reasons you're being blacklisted,
along with following the spam cleanup link below.

http://www.amset.info/exchange/smtp-relaysecure.asp

http://www.amset.info/exchange/spam-cleanup.asp
This is one of those jobs that, by the sound of your description, needs to be done the long way.
However, I would try the Exchange server first for an open relay, as you may simply be wide open as a relay and not have a virus on the network.
0
 
LVL 9

Expert Comment

by:rpartington
ID: 18756611
Just noticed my bad grammar above, apologies.
0
 

Author Comment

by:Lawot
ID: 18756707
No problem with the grammar.  I have run TrendMicro and Norton on each machine.  No virus.  I have done this several times on each machine.  I am listed on the CBL http://cbl.abuseat.org/server.html, and they say they don't list open relays, which I am not because I checked.  Anyway, thanks for the help.
0
 
LVL 9

Expert Comment

by:rpartington
ID: 18756858
Are you also showing up here, then, using the Spam Database Lookup option?

http://www.dnsstuff.com/
0
 
LVL 10

Expert Comment

by:abraham808
ID: 18756861
Why Disallow all traffic on the firewall from using port 25.  But only Allow the exchange server
0
 

Author Comment

by:Lawot
ID: 18758155
Because I am figuring that shutting down port 25 will stop whatever machine has a virus from spamming.
0
 
LVL 10

Expert Comment

by:abraham808
ID: 18758310
Can't you check at the router/switch level which PC is broadcasting the most?

Do you know which virus?
0

 
LVL 32

Assisted Solution

by:r-k
r-k earned 166 total points
ID: 18758942
If you install the free version of ZoneAlarm on an XP workstation, it should show you which program, if any, is trying to connect to port 25.
A simpler option to try first is "netstat -ab" at a command prompt for each suspect workstation.
Another option is TCPview http://www.microsoft.com/technet/sysinternals/utilities/TcpView.mspx
0
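An added example (not part of the thread) of the per-workstation check r-k describes: it parses saved `netstat -ano` output, a numeric variant of the `netstat -ab` suggested above that prints the owning PID, and lists which processes are opening connections to remote port 25. The sample output, its addresses and the `allowed_servers` parameter are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (documentation addresses).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    192.168.16.21:1042     203.0.113.25:25        SYN_SENT        1984
  TCP    192.168.16.21:1043     198.51.100.7:25        ESTABLISHED     1984
  TCP    192.168.16.21:1050     192.168.16.2:25        ESTABLISHED     2312
  TCP    192.168.16.21:1061     192.0.2.80:80          ESTABLISHED     3020
  TCP    [fe80::1%4]:1070       [2001:db8::25]:25      SYN_SENT        1984
  UDP    0.0.0.0:445            *:*                                    4
"""

# TCP rows only: proto, local endpoint, remote endpoint, state, PID.
ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port


def smtp_clients(netstat_text, allowed_servers=()):
    """Map PID -> set of remote hosts it is connecting to on TCP port 25.

    Hosts in allowed_servers (for example the internal Exchange server)
    are ignored, as are LISTENING sockets, which are not outbound traffic.
    """
    hits = defaultdict(set)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank line or UDP row
        _local, remote, state, pid = m.groups()
        addr, port = split_endpoint(remote)
        if port != "25" or state == "LISTENING" or addr in allowed_servers:
            continue
        hits[int(pid)].add(addr)
    return dict(hits)
```

Save the output with `netstat -ano > ns.txt` on each workstation and pass the file contents to `smtp_clients`; `tasklist /FI "PID eq <pid>"` names the program behind a flagged PID.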
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 166 total points
ID: 18760589
If you suspect that something is sending out messages, then the quick and dirty method is to stop Exchange from sending messages (Disable Outbound Email in ESM) and then block port 25 on the firewall. Configure the router to log and then wait a few minutes. The log will quickly fill up if a machine is trying to send out garbage - or you could push it out to a syslog so that you can read it elsewhere.

I don't think that router though will allow you to control the ports like a firewall - it isn't really designed for that, so you will have to use the heavy handed approach for now.

Simon.
0
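An added example (not part of the thread) of reading the log Sembee describes: with port 25 blocked and logged at the perimeter, it counts denied SMTP attempts per internal source so the noisy workstation stands out. The log line format, the addresses and the `mail_server` parameter are constructed assumptions; adapt the regular expression to whatever the firewall or syslog receiver actually writes.

```python
import re
from collections import Counter

# Constructed log lines in a made-up "DENY" format (documentation addresses).
SAMPLE_LOG = """\
Mar 20 10:01:02 fw DENY TCP src=192.168.16.23:1188 dst=203.0.113.9:25
Mar 20 10:01:02 fw DENY TCP src=192.168.16.23:1189 dst=198.51.100.14:25
Mar 20 10:01:03 fw DENY TCP src=192.168.16.25:1301 dst=192.0.2.44:445
Mar 20 10:01:03 fw DENY TCP src=192.168.16.23:1190 dst=203.0.113.77:25
Mar 20 10:01:04 fw DENY TCP src=192.168.16.2:4021 dst=198.51.100.30:25
Mar 20 10:01:05 fw DENY TCP src=192.168.16.27:1455 dst=203.0.113.9:25
Mar 20 10:01:05 fw DENY TCP src=192.168.16.23:1191 dst=192.0.2.61:25
"""

LINE = re.compile(
    r"DENY TCP src=(?P<src>[\d.]+):\d+ dst=(?P<dst>[\d.]+):(?P<dport>\d+)"
)


def blocked_smtp_sources(log_text, mail_server=None):
    """Return [(source_ip, attempts, distinct_destinations)], busiest first.

    Only denied connections to TCP port 25 are counted. Entries from
    mail_server (the Exchange box retrying its own queue) are skipped so
    that only workstations remain in the result.
    """
    attempts = Counter()
    targets = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m["dport"] != "25":
            continue
        src = m["src"]
        if src == mail_server:
            continue
        attempts[src] += 1
        targets.setdefault(src, set()).add(m["dst"])
    return [(src, n, len(targets[src])) for src, n in attempts.most_common()]
```

A workstation that reaches many distinct destinations on port 25 within a few minutes is the one to pull off the network first.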
 
LVL 6

Expert Comment

by:gvlob
ID: 18766990
If I remember correctly, CBL also lists servers that don't have proper PTR records set up in DNS. If you find that you aren't sending out any spam, but are still being blacklisted, this may be the reason. Have you contacted CBL to find out why you are being listed?
0
 
LVL 10

Expert Comment

by:abraham808
ID: 18767209
Use the Microsoft Firewall to block port 25.
0
 

Author Comment

by:Lawot
ID: 18813706
Do you mean the Windows Firewall on each workstation?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18814462
The Windows firewall is about as much use as throwing a bucket of water on a bush fire. It cannot block outbound traffic, so isn't any use for this.

You need to block the port on your perimeter firewall. If what you are using on the perimeter cannot block ports correctly then it is not fit for purpose and should be replaced.

Simon.
0
 
LVL 1

Expert Comment

by:Computer101
ID: 21185790
Forced accept.

Computer101
EE Admin
0
