Solved

Need to shut down port 25 on user machines but not the Exchange server to stop spamming

Posted on 2007-03-20
Last Modified: 2013-12-04
I have a client that is running Small Business Server Regular Edition. They have a Linksys BEFSR41 router. They are running Exchange on their Small Business Server. I am running Trend Micro Client Server Messaging Security, which is not picking up any viruses. The only way I know they have virus issues is that they keep getting blacklisted as spammers. I am going to purchase a new WatchGuard router in the future, but I need to shut down port 25 for all the local machines (there are 8 of them: 6 XP Pro and 2 Windows Vista) and leave it open on the Exchange server. I am hoping this will stop whatever machine has a virus from spamming.

My question is, how as of today can I kill the local machines from having access to port 25 while leaving the server access? I don't think it can be done with the Linksys router. The port filtering there seems to kill all access to port 25, including the server. I could be wrong though.

Is there some sort of login script or just a simple configuration I could make to each machine to stop access to JUST port 25? There are only 8 machines, so it would be no big deal to go to each of them.

I want to do this today so I can submit them to be delisted.  

Thanks
Question by:Lawot
15 Comments
 
LVL 9

Accepted Solution

by:
rpartington earned 168 total points
ID: 18756604
I would suggest you take each PC off the network one at a time and make sure they are completely virus free, and DO NOT put them back on the network until you have systematically done every one, one at a time, including the server.
Then, before putting the clients back online, I would ensure that your Exchange server is not being used as an open relay, which could be one of the reasons you're being blacklisted.
Along with following the spam cleanup link below.

http://www.amset.info/exchange/smtp-relaysecure.asp

http://www.amset.info/exchange/spam-cleanup.asp
This is one of those jobs that, by the sound of your description, needs to be done the long way.
However, I would try the Exchange server first for an open relay, as you may simply be wide open as a relay and not have a virus on the network.
0
 
LVL 9

Expert Comment

by:rpartington
ID: 18756611
Just noticed my bad grammar above, apologies.
0
 

Author Comment

by:Lawot
ID: 18756707
No problem with the grammar. I have run TrendMicro and Norton on each machine. No virus. I have done this several times on each machine. I am listed on the CBL http://cbl.abuseat.org/server.html, and they say they don't list open relays, which I am not, because I checked. Anyway, thanks for the help.
0

 
LVL 9

Expert Comment

by:rpartington
ID: 18756858
Are you also showing up here, then, using the Spam Database Lookup option?

http://www.dnsstuff.com/
0
 
LVL 10

Expert Comment

by:abraham808
ID: 18756861
Why Disallow all traffic on the firewall from using port 25.  But only Allow the exchange server
0
 

Author Comment

by:Lawot
ID: 18758155
Because I am figuring that shutting down port 25 will stop whatever machine has a virus from spamming.
0
 
LVL 10

Expert Comment

by:abraham808
ID: 18758310
Can't you check at the router/switch level which PC is broadcasting the most?

Do you know which virus?
0
 
LVL 32

Assisted Solution

by:r-k
r-k earned 166 total points
ID: 18758942
If you install the free version of ZoneAlarm on an XP workstation, it should show you which program, if any, is trying to connect to port 25.
A simpler option to try first is "netstat -ab" at a command prompt on each suspect workstation.
Another option is TCPView: http://www.microsoft.com/technet/sysinternals/utilities/TcpView.mspx
0
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 166 total points
ID: 18760589
If you suspect that something is sending out messages, then the quick and dirty method is to stop Exchange from sending messages (Disable Outbound Email in ESM) and then block port 25 on the firewall. Configure the router to log and then wait a few minutes. The log will quickly fill up if a machine is trying to send out garbage - or you could push it out to a syslog so that you can read it elsewhere.

I don't think that router though will allow you to control the ports like a firewall - it isn't really designed for that, so you will have to use the heavy handed approach for now.

Simon.
0
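Added example, not part of the original thread: one way to read the firewall log described in the answer above, counting blocked outbound TCP/25 attempts per LAN host and skipping the Exchange server. The log format (netfilter-style `SRC=`/`DST=`/`DPT=` fields), the addresses and the threshold are assumptions; adapt the regex to whatever the perimeter device actually writes to syslog.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (hypothetical values): LAN range and the Exchange server's address.
LAN = ipaddress.ip_network("192.168.1.0/24")
MAIL_SERVER = "192.168.1.10"

# Constructed sample log lines; not output from any real device.
SAMPLE_LOG = """\
Mar 20 10:01:02 fw kernel: DROP SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP SPT=1034 DPT=25
Mar 20 10:01:02 fw kernel: DROP SRC=192.168.1.23 DST=198.51.100.7 PROTO=TCP SPT=1035 DPT=25
Mar 20 10:01:03 fw kernel: DROP SRC=192.168.1.23 DST=203.0.113.99 PROTO=TCP SPT=1036 DPT=25
Mar 20 10:01:03 fw kernel: DROP SRC=192.168.1.23 DST=198.51.100.44 PROTO=TCP SPT=1037 DPT=25
Mar 20 10:01:04 fw kernel: DROP SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=2201 DPT=25
Mar 20 10:01:05 fw kernel: ALLOW SRC=192.168.1.31 DST=198.51.100.80 PROTO=TCP SPT=1100 DPT=80
Mar 20 10:01:06 fw kernel: ALLOW SRC=198.51.100.9 DST=192.168.1.10 PROTO=TCP SPT=40112 DPT=25
Mar 20 10:01:07 fw kernel: DROP SRC=192.168.1.42 DST=203.0.113.5 PROTO=TCP SPT=1500 DPT=25
Mar 20 10:01:08 fw kernel: link up, no packet fields here
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def smtp_offenders(log_text, mail_server=MAIL_SERVER, lan=LAN, threshold=3):
    """Map each LAN host (except the mail server) that attempted outbound
    TCP/25 at least `threshold` times to (attempts, distinct destinations)."""
    attempts, dests = Counter(), {}
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != "25":
            continue                      # not SMTP, or not a packet line
        try:
            src = ipaddress.ip_address(f.get("SRC", ""))
        except ValueError:
            continue                      # malformed or missing source
        # Skip inbound mail (source outside the LAN) and the server itself.
        if src not in lan or str(src) == mail_server:
            continue
        attempts[str(src)] += 1
        dests.setdefault(str(src), set()).add(f.get("DST"))
    return {ip: (n, len(dests[ip]))
            for ip, n in attempts.most_common() if n >= threshold}

if __name__ == "__main__":
    for ip, (n, d) in smtp_offenders(SAMPLE_LOG).items():
        print(f"{ip}: {n} blocked SMTP attempts to {d} distinct destinations")
```

A workstation contacting many distinct external mail servers in a short window is the one to pull off the network and inspect with `netstat -ab` or TCPView.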
 
LVL 6

Expert Comment

by:gvlob
ID: 18766990
If I remember correctly, CBL also lists servers that don't have proper PTR records set up in DNS. If you find that you aren't sending out any spam, but are still being blacklisted, this may be the reason. Have you contacted CBL to find out why you are being listed?
0
 
LVL 10

Expert Comment

by:abraham808
ID: 18767209
Use the Microsoft Firewall to block port 25.
0
 

Author Comment

by:Lawot
ID: 18813706
Do you mean the windows firewall on each workstation?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18814462
The Windows firewall is about as much use as throwing a bucket of water on a bush fire. It cannot block outbound traffic, so isn't any use for this.

You need to block the port on your perimeter firewall. If what you are using on the perimeter cannot block ports correctly then it is not fit for purpose and should be replaced.

Simon.
0
 
LVL 1

Expert Comment

by:Computer101
ID: 21185790
Forced accept.

Computer101
EE Admin
0
