Lawot
asked on
Need to shutdown Port 25 on user machines but not the exchange server to stop spamming
I have a client that is running Small Business Server Regular Edition. They have a Linksys BEFSR41 Router. There are running exchange on their small business server. I am running Trend Micro Client Server Messaging Security which is not picking up any viruses. The only way I know they have virus issues is that they keep getting blacklisted as Spammers. I am going to purchase a new watchguard router in the future but I need to shut down port 25 for all the local machines (there are 8 of them 6 XP Pro and 2 Windows Vista) and leave it open on the exchange server. I am hoping this will stop what ever machine that has a virus from spamming.
My question is, how as of today can I kill the local machines from having access to port 25 while leaving the server access. I don't think it can be done with the linksys router. The port filtering there seems to kill all access to port 25 including the server. I could be wrong though.
Is there some sort of login script or just a simple configuration I could make to each machine to stop access to JUST port 25. There are only 8 machines so it would be no big deal to go to each of them.
I want to do this today so I can submit them to be delisted.
Thanks
My question is, how as of today can I kill the local machines from having access to port 25 while leaving the server access. I don't think it can be done with the linksys router. The port filtering there seems to kill all access to port 25 including the server. I could be wrong though.
Is there some sort of login script or just a simple configuration I could make to each machine to stop access to JUST port 25. There are only 8 machines so it would be no big deal to go to each of them.
I want to do this today so I can submit them to be delisted.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
rpartington
just noticed my bad grammer above apologies.
ASKER
No problem with the Grammer, I have run TrendMicro, Norton on each machine. No virus. I have done this several times on each machine. I am listed on the CBL http://cbl.abuseat.org/server.html, and they say they dont list open relays, which I am not because I checked. Anyway thanks for the help.
Why Disallow all traffic on the firewall from using port 25. But only Allow the exchange server
ASKER
Because i am figuring that shutting down port 25 will stop what ever machine that has a virus from spamming.
Can't you check at the router/switch level with PC is broadcasting the most?
Do you know which Virus?
Do you know which Virus?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If I remember correctly cbl also lists servers that don't have proper PTR records set up in DNS. If you find that you arn't sending out any spam, but are still being black listed this may be the reason. Have you contacted CBL to find out why you are being list?
Use the Microsoft Firewall to block port 25.
ASKER
Do you mean the windows firewall on each workstation?
The Windows firewall is about as much use as throwing a bucket of water on a bush fire. It cannot block outbound traffic, so isn't any use for this.
You need to block the port on your perimeter firewall. If what you are using on the perimeter cannot block ports correctly then it is not fit for purpose and should be replaced.
Simon.
You need to block the port on your perimeter firewall. If what you are using on the perimeter cannot block ports correctly then it is not fit for purpose and should be replaced.
Simon.
Forced accept.
Computer101
EE Admin
Computer101
EE Admin