Need to shutdown Port 25 on user machines but not the exchange server to stop spamming

Posted on 2007-03-20
Last Modified: 2013-12-04
I have a client that is running Small Business Server Regular Edition.  They have a Linksys BEFSR41 Router.  They are running Exchange on their Small Business Server.   I am running Trend Micro Client Server Messaging Security which is not picking up any viruses.  The only way I know they have virus issues is that they keep getting blacklisted as Spammers.  I am going to purchase a new WatchGuard router in the future but I need to shut down port 25 for all the local machines (there are 8 of them, 6 XP Pro and 2 Windows Vista) and leave it open on the Exchange server.  I am hoping this will stop whatever machine has a virus from spamming.  

My question is, how as of today can I kill the local machines from having access to port 25 while leaving the server access.  I don't think it can be done with the Linksys router.  The port filtering there seems to kill all access to port 25 including the server.  I could be wrong though.

Is there some sort of login script or just a simple configuration I could make to each machine to stop access to JUST port 25?  There are only 8 machines so it would be no big deal to go to each of them.

I want to do this today so I can submit them to be delisted.  

Thanks
Question by:Lawot
15 Comments
 
LVL 9

Accepted Solution

by:
rpartington earned 672 total points
ID: 18756604
I would suggest you take each PC off the network one at a time and make sure they are completely virus free and DO NOT put them back on the network until you have systematically done every one, one at a time, including the server.
Then before putting the clients back online I would ensure that your Exchange server is not being used as an open relay, which could be one of the reasons you're being blacklisted.
Along with following the spam cleanup link below.

http://www.amset.info/exchange/smtp-relaysecure.asp

http://www.amset.info/exchange/spam-cleanup.asp
This is one of those jobs that by the sound of your description needs to be done the long way.
However I would try the Exchange server 1st for an open relay as you may simply be wide open as a relay and not have a virus on the network.
0
 
LVL 9

Expert Comment

by:rpartington
ID: 18756611
Just noticed my bad grammar above, apologies.
0
 

Author Comment

by:Lawot
ID: 18756707
No problem with the grammar.  I have run TrendMicro, Norton on each machine.  No virus.  I have done this several times on each machine.  I am listed on the CBL http://cbl.abuseat.org/server.html, and they say they don't list open relays, which I am not because I checked.  Anyway thanks for the help.
0

 
LVL 9

Expert Comment

by:rpartington
ID: 18756858
Are you also showing up here then, using the Spam Database Lookup option?

http://www.dnsstuff.com/
0
 
LVL 10

Expert Comment

by:abraham808
ID: 18756861
Why Disallow all traffic on the firewall from using port 25.  But only Allow the exchange server
0
 

Author Comment

by:Lawot
ID: 18758155
Because I am figuring that shutting down port 25 will stop whatever machine has a virus from spamming.
0
 
LVL 10

Expert Comment

by:abraham808
ID: 18758310
Can't you check at the router/switch level which PC is broadcasting the most?

Do you know which Virus?
0
 
LVL 32

Assisted Solution

by:r-k
r-k earned 664 total points
ID: 18758942
If you install the free version of ZoneAlarm on an XP workstation, it should show you which program, if any, is trying to connect to port 25.
A simpler option to try first is "netstat -ab" at a command prompt for each suspect workstation.
Another option is TCPview http://www.microsoft.com/technet/sysinternals/utilities/TcpView.mspx
0
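An added example, not part of the original answer: a Python sketch that reads saved `netstat -abn` output from one workstation (the `-n` switch is added here to keep addresses numeric) and lists the programs holding connections to remote port 25. The sample output, the program names and the Exchange server address 192.168.16.2 are constructed assumptions.

```python
import re

# Constructed sample in the layout of `netstat -abn` on a workstation; every
# address and program name below is made up for illustration.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.16.21:1042     203.0.113.25:25        SYN_SENT        1888
  [unknown_mailer.exe]
  TCP    192.168.16.21:1043     198.51.100.7:25        ESTABLISHED     1888
  [unknown_mailer.exe]
  TCP    192.168.16.21:1050     192.168.16.2:25        ESTABLISHED     2440
  [OUTLOOK.EXE]
  TCP    192.168.16.21:1051     192.0.2.80:80          ESTABLISHED     3012
  [iexplore.exe]
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       964
  [svchost.exe]
"""

# TCP row: local addr:port, remote addr:port, state, optional PID column.
CONN = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\d+))?\s*$")
# Owner row printed by -b under the connection it belongs to.
OWNER = re.compile(r"^\s*\[(.+?)\]\s*$")

def smtp_talkers(netstat_text, allowed_servers=()):
    """Return TCP connections to remote port 25 that do not go to an allowed
    mail server, each with the owning program when netstat printed one."""
    hits, last = [], None
    for line in netstat_text.splitlines():
        m = CONN.match(line)
        if m:
            _, _, raddr, rport, state, pid = m.groups()
            last = None  # owner rows only apply to the row just above them
            if int(rport) == 25 and raddr not in allowed_servers:
                last = {"remote": raddr, "state": state,
                        "pid": int(pid) if pid else None, "program": None}
                hits.append(last)
            continue
        o = OWNER.match(line)
        if o and last is not None:
            last["program"] = o.group(1)
            last = None
    return hits

if __name__ == "__main__":
    for hit in smtp_talkers(SAMPLE, allowed_servers={"192.168.16.2"}):
        print(hit)
```

A workstation that relays through Exchange has no reason to open port 25 to outside addresses, so any row returned here names the program to investigate.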
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 664 total points
ID: 18760589
If you suspect that something is sending out messages, then the quick and dirty method is to stop Exchange from sending messages (Disable Outbound Email in ESM) and then block port 25 on the firewall. Configure the router to log and then wait a few minutes. The log will quickly fill up if a machine is trying to send out garbage - or you could push it out to a syslog so that you can read it elsewhere.

I don't think that router though will allow you to control the ports like a firewall - it isn't really designed for that, so you will have to use the heavy handed approach for now.

Simon.
0
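An added example, not part of the original answer: once port 25 is blocked and logged at the perimeter as described above, this Python sketch counts the dropped SMTP attempts per internal source so the offending machine stands out. The log lines are constructed in an iptables-style KEY=value layout and the Exchange address 192.168.16.2 is an assumption; the router in use will log in its own format.

```python
import re
from collections import Counter, defaultdict

# Constructed firewall drop log in an iptables-style KEY=value layout; a real
# router has its own format, so adjust FIELD and the key names to match it.
SAMPLE_LOG = """\
Mar 20 14:02:11 gw fw: DROP SRC=192.168.16.23 DST=203.0.113.9 PROTO=TCP SPT=1188 DPT=25
Mar 20 14:02:11 gw fw: DROP SRC=192.168.16.23 DST=198.51.100.14 PROTO=TCP SPT=1189 DPT=25
Mar 20 14:02:12 gw fw: DROP SRC=192.168.16.23 DST=203.0.113.77 PROTO=TCP SPT=1190 DPT=25
Mar 20 14:02:12 gw fw: DROP SRC=192.168.16.27 DST=192.0.2.50 PROTO=TCP SPT=2044 DPT=25
Mar 20 14:02:13 gw fw: DROP SRC=192.168.16.23 DST=198.51.100.201 PROTO=TCP SPT=1191 DPT=25
Mar 20 14:02:14 gw fw: DROP SRC=192.168.16.2 DST=192.0.2.25 PROTO=TCP SPT=3310 DPT=25
Mar 20 14:02:15 gw fw: DROP SRC=192.168.16.23 DST=203.0.113.9 PROTO=TCP SPT=1192 DPT=25
Mar 20 14:02:16 gw fw: DROP SRC=192.168.16.24 DST=192.0.2.53 PROTO=UDP SPT=1030 DPT=53
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")

def blocked_smtp_sources(log_text, mail_server, threshold=3):
    """Summarise dropped TCP/25 attempts per internal source address.

    Returns (suspects, mail_server_hits). suspects is a list of
    (source, attempts, distinct_destinations) for every source other than the
    mail server with at least `threshold` attempts, busiest first.
    """
    attempts, dests = Counter(), defaultdict(set)
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != "25" or "SRC" not in f:
            continue
        attempts[f["SRC"]] += 1
        dests[f["SRC"]].add(f.get("DST"))
    suspects = [(src, n, len(dests[src])) for src, n in attempts.items()
                if src != mail_server and n >= threshold]
    suspects.sort(key=lambda row: (-row[1], row[0]))
    # With outbound mail disabled on Exchange this should be zero; anything
    # else means the server itself deserves a look.
    return suspects, attempts.get(mail_server, 0)

if __name__ == "__main__":
    suspects, server_hits = blocked_smtp_sources(SAMPLE_LOG, "192.168.16.2")
    for src, n, distinct in suspects:
        print(f"{src}: {n} blocked SMTP attempts to {distinct} destinations")
    print(f"mail server attempts while outbound is disabled: {server_hits}")
```

Many attempts spread across many unrelated destinations in a short window is the pattern to look for; a single stray attempt stays below the threshold.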
 
LVL 6

Expert Comment

by:gvlob
ID: 18766990
If I remember correctly CBL also lists servers that don't have proper PTR records set up in DNS. If you find that you aren't sending out any spam, but are still being blacklisted, this may be the reason. Have you contacted CBL to find out why you are being listed?
0
 
LVL 10

Expert Comment

by:abraham808
ID: 18767209
Use the Microsoft Firewall to block port 25.
0
 

Author Comment

by:Lawot
ID: 18813706
Do you mean the windows firewall on each workstation?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18814462
The Windows firewall is about as much use as throwing a bucket of water on a bush fire. It cannot block outbound traffic, so isn't any use for this.

You need to block the port on your perimeter firewall. If what you are using on the perimeter cannot block ports correctly then it is not fit for purpose and should be replaced.

Simon.
0
 
LVL 1

Expert Comment

by:Computer101
ID: 21185790
Forced accept.

Computer101
EE Admin
0
