fosiul01 asked:

Software to monitor port 25 for SBS server

Hi,
My server is sending out email without authorization. Hence my IP has been blocked.

Anyway, this problem might be solved, since I am not seeing any queue in my Exchange server. But if any workstation gets a virus and tries to bypass my server and send email outside, that's my problem.

How will I know that:
(1) no workstation is bypassing my Exchange and sending email?
(2) Is there any software that can monitor the SMTP port (25) and let me know how many emails are going out?




ASKER CERTIFIED SOLUTION
Hedley Phillips
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
fosiul01 (ASKER)

Hi, yeah, thanks.

No, my server is not really open, but it was still sending email. Today it seems all right; I am not seeing any queue.

As I said earlier, how will I make sure that all workstations on my network only send email via the Exchange server, not bypassing my server?

And also: is there any software that I can use to monitor my port 25 for how many emails are going out? [I know I can do this from Exchange message tracking, but here I am asking about bypassing my Exchange server.]


1) A virus scan on the clients will ensure that they are not sending out emails themselves. If they do have a virus then they can bypass the Exchange server as they will have their own SMTP server installed as part of the virus.

2) When you say you want to monitor Port 25, where is this? If it is on the Exchange Server then message tracking is what you need. If it is on the Firewall then does it not have logging already that you can use?

Locking the Firewall down is the best bet. This way you are ensuring that ONLY the exchange server is able to connect through it on Port 25.

SOLUTION
Jian An Lim
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi guys, thanks for the advice.
I will close this question soon.
Just one more:

By monitoring, I meant, is there any software to see how much data is going out via my SMTP port? And also, is there any software I can install on each PC to make sure it's not sending any data via the SMTP port?

Yes, I will consider something like MailGuard or SonicWall Email Security.
But if there is any software like the one I have mentioned, that would be great.
Please let me know.
You can run a packet sniffer on each machine but I don't see the point.

http://en.wikipedia.org/wiki/Packet_sniffer

Do you have any switches on your LAN that you could monitor? Much easier to monitor one item.

If the Firewall is set to only allow port 25 access from LAN -> WAN by the Exchange server then only the Exchange server can send emails.

Also, running the AV scan will ensure that none of the clients have any viruses installed that could be sending emails.

I would do this before installing any monitoring software.
Thanks.
About these comments of yours:

"Do you have any switches on your LAN that you could monitor?" Ommm, no, we have a firewall, which is IPCOP, but it does not give any information.

"If the Firewall is set to only allow port 25 access from LAN -> WAN by the Exchange server then only the Exchange server can send emails."

Do you mean the firewall at the server?
If the Linux IPCOP is your main Gateway Firewall then I would add the rule to that.

Is it a separate machine or is it on the same server as your Exchange? I haven't come across it before.

But, I do notice that it produces logs (http://www.ipcop.org/index.php?name=FAQ&id_cat=7) Might be worth going through them to see what if anything has been sending.
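
Added example, not part of the original thread: one way to see which workstations try to bypass Exchange is to scan the gateway firewall's logs for new outbound connections to port 25 from any LAN host other than the mail server. The netfilter-style `KEY=value` log layout, the LAN range, and the sample lines are assumptions; 192.168.1.113 is the LAN IP used in the thread's own firewall example.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumptions, not from the thread: the LAN range, and a firewall that logs
# forwarded packets as netfilter-style KEY=value lines.
LAN = ip_network("192.168.1.0/24")
MAIL_SERVER = ip_address("192.168.1.113")  # LAN IP from the thread's firewall example
FIELD = re.compile(r"\b([A-Z]+)=(\S+)")

# Constructed sample log lines (documentation address ranges as destinations).
SAMPLE_LOG = """\
Dec  3 10:15:01 fw kernel: IN=eth0 OUT=eth1 SRC=192.168.1.113 DST=203.0.113.10 PROTO=TCP SPT=3021 DPT=25 SYN
Dec  3 10:15:04 fw kernel: IN=eth0 OUT=eth1 SRC=192.168.1.57 DST=198.51.100.7 PROTO=TCP SPT=1045 DPT=25 SYN
Dec  3 10:15:04 fw kernel: IN=eth0 OUT=eth1 SRC=192.168.1.57 DST=198.51.100.8 PROTO=TCP SPT=1046 DPT=25 SYN
Dec  3 10:15:05 fw kernel: IN=eth0 OUT=eth1 SRC=192.168.1.57 DST=203.0.113.44 PROTO=TCP SPT=1047 DPT=25 SYN
Dec  3 10:15:09 fw kernel: IN=eth0 OUT=eth1 SRC=192.168.1.24 DST=203.0.113.80 PROTO=TCP SPT=2210 DPT=80 SYN
Dec  3 10:15:12 fw kernel: IN=eth0 OUT=eth0 SRC=192.168.1.30 DST=192.168.1.113 PROTO=TCP SPT=1190 DPT=25 SYN
Dec  3 10:15:20 fw kernel: IN=eth0 OUT=eth1 SRC=192.168.1.24 DST=198.51.100.7 PROTO=TCP SPT=2215 DPT=25 SYN
Dec  3 10:15:21 fw kernel: IN=eth0 OUT=eth1 SRC=garbage DST=203.0.113.10 PROTO=TCP DPT=25 SYN
Dec  3 10:15:22 fw kernel: IN=eth1 OUT=eth0 SRC=198.51.100.7 DST=192.168.1.57 PROTO=TCP SPT=25 DPT=1045 ACK SYN
"""


def smtp_bypass_attempts(lines, lan=LAN, mail_server=MAIL_SERVER):
    """Count new outbound port-25 connections per LAN host, excluding the mail server."""
    offenders = Counter()
    for line in lines:
        tokens = line.split()
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue
        # Count connection attempts only: SYN set, ACK not set.
        if "SYN" not in tokens or "ACK" in tokens:
            continue
        try:
            src, dst = ip_address(fields["SRC"]), ip_address(fields["DST"])
        except (KeyError, ValueError):
            continue  # truncated or malformed log line
        # LAN host talking SMTP to the outside, and it is not the mail server.
        if src in lan and dst not in lan and src != mail_server:
            offenders[str(src)] += 1
    return offenders


if __name__ == "__main__":
    for host, count in smtp_bypass_attempts(SAMPLE_LOG.splitlines()).most_common():
        print(f"{host}: {count} direct SMTP connection attempts")
```

Once the firewall only allows the mail server out on port 25, the same hosts show up as dropped packets in the log, so the report doubles as a list of machines to scan first.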

Ommm, yes, it has logs, and I can see from the IP that it tries to connect, and IPCOP is on a separate machine.


But I am not seeing any option at hand right now to block all workstations so that they use only the Exchange server rather than their own SMTP [if any virus makes its own SMTP].
I don't know this application, but on ours we set up a "Virtual IP" which would be the Exchange server, give it the internal and external details and then the port:

Exchange-ho       
wan IP: 217.154.126.146
LAN IP: 192.168.1.113
Port: 25/tcp

and then add a rule in the firewall only allowing LAN -> WAN on 25 by the virtual IP called Exchange-ho

But what firewall are you using?
We are using a Hardware unit called a Fortigate 60.

But IPCOP would have to be a pretty poor package if it also didn't allow LAN -> WAN configs. I imagine the docs have some examples, or the Forum would be a good place to post.
Yes, I am thinking of using the SonicWall Email Security hardware version.


Do you have any idea how good SonicWall is?
I don't, sorry. Might be worth posting another question in

https://www.experts-exchange.com/Hardware/Networking_Hardware/Firewalls/#browseZones

to get some feedback on the product.

What are your plans re your current issues? Have you run an AV scan on the clients? And did you run through the docs I supplied at the beginning on how to lock your exchange server down?

Has the spam stopped and are you going to get yourself off the blacklists?
Ommm,
The server is acting fine now! The ISP confirmed that our server is not sending any spam, but I know this attack will come again soon...

I have run AV, which did not find anything. I have a doubt that our antivirus and email security, which is Sophos, is not that good.
So I will now consider switching to another company that can provide all the facilities.

Have a look at this question I have posted, then you will know what I meant here:

https://www.experts-exchange.com/questions/23936954/Exchange-Queue-problem.html?cid=239&anchorAnswerId=23054912#a23054912