Solved

How do I block port 25 for all outgoing traffice except from my mail server

Posted on 2008-10-22
7
2,084 Views
Last Modified: 2013-11-30
I have a sonic wall tz190. I have created an access rule that deny's any lan to wan on port 25 except for my exchange server. Actually it is 2 rules (my server is at 10.0.0.51) one that block 1-50 and one that blocks 52-254.  This should do it right? There is a rule that allows any to any though.  And it is enabled.  Does this overwrite the deny or do deny rules take priority, like in Windows. If it is setup how can I test it?
0
Comment
Question by:degoodwin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 16

Accepted Solution

by:
btassure earned 500 total points
ID: 22782203
Rules will be processed in order. If the first rule is permit any to any then it will match that traffic, permit it and ignore the rest. If you had the list like the attached for example it would allow smtp from the mail server, block it from anywhere else and permit all other traffic.
permit from mail server to any on port 25
deny from any to any on port 25
permit from any to any

Open in new window

0
 

Author Comment

by:degoodwin
ID: 22782352
The rules are listed as follows:

 # Priority  Source                        Destination       Service                   Action     Users    
 1 1            Bottom Range SMTP All WAN IP         SMTP (Send E-Mail) Deny     All      
 2 2           Top Range SMTP       All WAN IP         SMTP (Send E-Mail) Deny     All      
 3 3            Any                           Any                   Any                         Allow     All      
     

All are enabled.  This is correct, right? How can I test it?
0
 

Author Comment

by:degoodwin
ID: 22782356
Bottom Range SMTP is 10.0.0.1-50
Top Range SMTP is 10.0.0.51-254
The Exchange server is at 10.0.0.51
0
How to Defend Against the WCry Ransomware Attack

On May 12, 2017, an extremely virulent ransomware variant named WCry 2.0 began to infect organizations. Within several hours, over 75,000 victims were reported in 90+ countries. Learn more from our research team about this threat & how to protect your organization!

 
LVL 16

Expert Comment

by:btassure
ID: 22783559
They are processed in priority order. The system you have will work equally well but is less efficient as you add more rules and is not really in best practice.
0
 

Author Comment

by:degoodwin
ID: 22784680
So does the system check each packet against the rules and if it finds one it mathces then stops processing any more rules. The way you have the rules setup all traffic from mail server on 25 would be allowed first, then it would not bother to look at rules 2 and 3. If the packet is not from mail server and not on port 25 then it would move to rule 2, if it was port 25 traffic from anywhere else it would then get blocked.  If it was any other sort of traffic it wold progress onto 3 which would allow all. Is that how it works.  I understand the subtle difference as to how mine are setup. So if it finds a rule it applies to it stops processing anymore rules?  Is there any way to test port 25 traffic? Can I try telnet on port 25 from a workstation to an outside address and see if it connects? If it fails can I assume that it is being blocked?
0
 
LVL 16

Expert Comment

by:btassure
ID: 22787723
Yes to every question :o) That's how pretty much all firewalls work. And yes, telnet to port 25 on an upstream mail server. If it lets you in then it isn't blocked, otherwise your blocks are working.
0
 

Author Closing Comment

by:degoodwin
ID: 31508996
Thanks.  Looks like it is working after I restarted the server. The rules changes didn't take till after restart.
0

Featured Post

Enroll in May's Course of the Month

May’s Course of the Month is now available! Experts Exchange’s Premium Members and Team Accounts have access to a complimentary course each month as part of their membership—an extra way to increase training and boost professional development.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Phishing attempts can come in all forms, shapes and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question