  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 689

Need to shutdown Port 25 on user machines but not the exchange server to stop spamming

I have a client that is running Small Business Server Regular Edition. They have a Linksys BEFSR41 Router. They are running Exchange on their Small Business Server. I am running Trend Micro Client Server Messaging Security, which is not picking up any viruses. The only way I know they have virus issues is that they keep getting blacklisted as spammers. I am going to purchase a new WatchGuard router in the future, but I need to shut down port 25 for all the local machines (there are 8 of them: 6 XP Pro and 2 Windows Vista) and leave it open on the Exchange server. I am hoping this will stop whatever machine has a virus from spamming.

My question is, how as of today can I kill the local machines from having access to port 25 while leaving the server access? I don't think it can be done with the Linksys router. The port filtering there seems to kill all access to port 25, including the server. I could be wrong though.

Is there some sort of login script or just a simple configuration I could make to each machine to stop access to JUST port 25? There are only 8 machines, so it would be no big deal to go to each of them.

I want to do this today so I can submit them to be delisted.  

Thanks
Asked by: Lawot
3 Solutions
 
rpartington Commented:
I would suggest you take each PC off the network one at a time and make sure they are completely virus free, and DO NOT put them back on the network until you have systematically done every one, one at a time, including the server.
Then, before putting the clients back online, I would ensure that your Exchange server is not being used as an open relay, which could be one of the reasons you're being blacklisted.
Along with following the spam cleanup link below.

http://www.amset.info/exchange/smtp-relaysecure.asp

http://www.amset.info/exchange/spam-cleanup.asp
This is one of those jobs that, by the sound of your description, needs to be done the long way.
However, I would try the Exchange server first for an open relay, as you may simply be wide open as a relay and not have a virus on the network.

rpartington Commented:
Just noticed my bad grammar above, apologies.
 
Lawot (Author) Commented:
No problem with the grammar. I have run TrendMicro and Norton on each machine. No virus. I have done this several times on each machine. I am listed on the CBL http://cbl.abuseat.org/server.html, and they say they don't list open relays, which I am not because I checked. Anyway, thanks for the help.
 
rpartington Commented:
Are you also showing up here, then, using the Spam Database Lookup option?

http://www.dnsstuff.com/
 
abraham808 Commented:
Why Disallow all traffic on the firewall from using port 25.  But only Allow the exchange server
 
Lawot (Author) Commented:
Because I am figuring that shutting down port 25 will stop whatever machine has a virus from spamming.
 
abraham808 Commented:
Can't you check at the router/switch level which PC is broadcasting the most?

Do you know which virus?
 
r-k Commented:
If you install the free version of ZoneAlarm on an XP workstation, it should show you which program, if any, is trying to connect to port 25.
A simpler option to try first is "netstat -ab" at a command prompt for each suspect workstation.
Another option is TCPView: http://www.microsoft.com/technet/sysinternals/utilities/TcpView.mspx
 
Sembee Commented:
If you suspect that something is sending out messages, then the quick and dirty method is to stop Exchange from sending messages (Disable Outbound Email in ESM) and then block port 25 on the firewall. Configure the router to log and then wait a few minutes. The log will quickly fill up if a machine is trying to send out garbage - or you could push it out to a syslog so that you can read it elsewhere.

I don't think that router though will allow you to control the ports like a firewall - it isn't really designed for that, so you will have to use the heavy handed approach for now.

Simon.
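
The log review described in the comment above, sketched as an added example that is not part of the original thread: it counts outbound port 25 attempts per LAN host in a firewall log and skips the mail server. The log layout, the addresses and the name `smtp_talkers` are assumptions made for illustration; the regular expression has to be adapted to what the actual device writes.

```python
import re
from collections import Counter

# Assumed (constructed) log layout; real router and firewall syslog formats differ:
#   <timestamp> <host> <BLOCK|ALLOW> TCP <src_ip>:<src_port> -> <dst_ip>:<dst_port>
LINE_RE = re.compile(
    r"(?P<action>BLOCK|ALLOW)\s+TCP\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):\d+\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)

MAIL_SERVER = "192.168.1.2"  # hypothetical address of the Exchange server
LAN_PREFIX = "192.168.1."    # hypothetical LAN subnet

# Constructed sample log; destinations use documentation address ranges.
SAMPLE_LOG = """\
Mar 03 10:15:01 fw BLOCK TCP 192.168.1.14:1042 -> 203.0.113.25:25
Mar 03 10:15:01 fw BLOCK TCP 192.168.1.14:1043 -> 198.51.100.7:25
Mar 03 10:15:02 fw ALLOW TCP 192.168.1.11:1201 -> 203.0.113.80:80
Mar 03 10:15:02 fw BLOCK TCP 192.168.1.14:1044 -> 198.51.100.9:25
Mar 03 10:15:03 fw BLOCK TCP 192.168.1.2:2210 -> 203.0.113.25:25
Mar 03 10:15:04 fw ALLOW TCP 192.168.1.17:1310 -> 192.168.1.2:25
Mar 03 10:15:05 fw BLOCK TCP 192.168.1.12:1099 -> 198.51.100.7:25
"""


def smtp_talkers(log_text, mail_server=MAIL_SERVER, lan_prefix=LAN_PREFIX):
    """Return [(lan_ip, attempts)] for outbound port-25 traffic, busiest first.

    The mail server is skipped because it is the only host expected to speak
    SMTP to the internet; LAN-to-LAN connections are skipped as well.
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["dport"] != "25":
            continue
        src, dst = m["src"], m["dst"]
        if not src.startswith(lan_prefix) or dst.startswith(lan_prefix):
            continue
        if src != mail_server:
            counts[src] += 1
    return counts.most_common()


if __name__ == "__main__":
    for ip, attempts in smtp_talkers(SAMPLE_LOG):
        print(f"{ip}\t{attempts} outbound SMTP attempts")
```

Any workstation that appears in the result is a candidate for the per-machine checks suggested earlier in the thread (`netstat -ab`, TCPView).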
 
gvlob Commented:
If I remember correctly, CBL also lists servers that don't have proper PTR records set up in DNS. If you find that you aren't sending out any spam, but are still being blacklisted, this may be the reason. Have you contacted CBL to find out why you are being listed?
 
abraham808 Commented:
Use the Microsoft Firewall to block port 25.
 
Lawot (Author) Commented:
Do you mean the Windows Firewall on each workstation?
 
Sembee Commented:
The Windows firewall is about as much use as throwing a bucket of water on a bush fire. It cannot block outbound traffic, so isn't any use for this.

You need to block the port on your perimeter firewall. If what you are using on the perimeter cannot block ports correctly then it is not fit for purpose and should be replaced.

Simon.
 
Computer101 Commented:
Forced accept.

Computer101
EE Admin