Solved

I am on the EMAIL Blacklist

Posted on 2009-07-10
Last Modified: 2013-11-30
My IP address has been put on the email blacklist. I am in the process of checking all staff computers for the cutwail2 spamBOT that is being reported as infected on my network.

My question is, according to CBL, I should "configure your NAT to prohibit connections to the Internet on port 25 except from real mail servers".

How do I do this with my NetGear FVS338?
Question by:dfisher68
13 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24824685
Look at the attached and add the Outbound rules - just change the 10.0.0.2 IP for your internal IP Address of your mail server.
FVS338.jpg
0
 
LVL 1

Expert Comment

by:etchy74
ID: 24824738
Basically what you want to do is prohibit all systems in your network from passing traffic over port 25 (SMTP) to the internet except for your mail server.

I took a quick look at the manual for your firewall ftp://downloads.netgear.com/files/FVS338_RM_28Feb09.pdf and it looks like you're going to need to create a couple rules.

The order of precedence matters as the packets are subjected to the rules in the order shown in the rules table, beginning from the top and proceeding to the bottom.  Therefore you're going to need to put in a rule that blocks all SMTP traffic from your LAN to the internet.  You're also going to need a rule that allows SMTP traffic coming from the IP address of your mail server.  The allow rule for your mail server should reside above the block rule so it will get processed first.

This will allow your mail server to send to the internet, but any computers that are infested with a virus will be unable to send.  There are some visual examples in the manual linked above under Chapter 4:  Setting LAN WAN Rules
0
 
LVL 1

Expert Comment

by:etchy74
ID: 24824754
Looking at Alan's example above I might have misread the order that the rules get processed...
0

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24824784
My info is slightly wrong - in the first SMTP block - don't add all IPs, create a range that misses out your server - just done this on mine and it blocks the flow if you block all.  Sorry.
This one works

FVS338.jpg
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24824842
If you set the default outbound policy to block, make sure you add other allow policies such as DNS, POP3, IMAP, HTTP, HTTPS etc if you use those services.
0
 

Author Comment

by:dfisher68
ID: 24824862
Thanks to both of you. I added the rules and email is still flowing, so that's good. Now I just need all the field staff to get their computers updated and scanned.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24824873
Follow xmachines's advice on the following link - wireshark will be your best friend!
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_24463550.html?cid=238#a24606079 
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24824888
Malwarebytes (www.malwarebytes.org) may also help you out here.  It is free and a darn good tool.
Combofix is another - http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 

Author Comment

by:dfisher68
ID: 24824914
Alan - I set the rule before seeing your response about creating a "block range" and email seems to be working.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 24824977
Is the default policy for outbound set to Allow or Block?  If it is set to Allow - the rule will have no effect.  Set the default outbound to Block and then add other allow rules for other protocols:
My latest screenshot of my firewall

FVS338.jpg
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24824996
You can restrict the other protocols if you wish to the server only exactly or as you need.
0
 

Author Comment

by:dfisher68
ID: 24825275
IMAP4 is not in my list of services, what port do I use if I need to enter it manually?  Also, I have two emails I use, one is the work Exchange and one is my Comcast account.  I added the rules above (after setting default to block) and now my Comcast email can't send and receive - I have Outlook configured to use Comcast on one of my computers.

As for all the other advice on the sniffers and removing the virus, thank you all.  I have some work to do.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24825316
IMAP4 is port 143 in case you need to add the service.
The Comcast won't send now because you blocked it.  If you need to send out email via SMTP on your computer, you have to allow it through the firewall now.  Modify the block for SMTP (might have to create another rule to start after your IP) and adjust the existing block to stop before your IP.  Then add an allow for your IP only, but make sure you are not the infected computer first!
0
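
An added example, not part of any post in this thread: once outbound port 25 is restricted to the mail server, the same allow-list can be used to find which workstations are trying to send mail directly. The sketch assumes a connection log exported as `timestamp src dst dport` lines (a constructed format, not the FVS338's own log format), a 10.0.0.0/24 LAN, and the 10.0.0.2 mail-server address used in the first answer.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the thread): the LAN is 10.0.0.0/24 and the only
# legitimate SMTP sender is 10.0.0.2, the example address in the first answer.
LAN = ipaddress.ip_network("10.0.0.0/24")
MAIL_SERVERS = {ipaddress.ip_address("10.0.0.2")}

# Constructed sample: "timestamp src_ip dst_ip dst_port", one connection per line.
# Remote addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2009-07-10T09:00:01 10.0.0.2 198.51.100.10 25
2009-07-10T09:00:02 10.0.0.37 203.0.113.5 25
2009-07-10T09:00:02 10.0.0.37 203.0.113.80 25
2009-07-10T09:00:03 10.0.0.37 198.51.100.77 25
2009-07-10T09:00:04 10.0.0.15 198.51.100.20 443
2009-07-10T09:00:05 10.0.0.15 10.0.0.2 25
2009-07-10T09:00:06 10.0.0.52 192.0.2.9 25
malformed line
"""

def rogue_smtp_senders(log_text, lan=LAN, mail_servers=MAIL_SERVERS):
    """Return {src_ip: (attempts, distinct_destinations)} for LAN hosts other
    than the mail server that opened port-25 connections to the internet."""
    attempts = defaultdict(int)
    dests = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed records
        _, src, dst, port = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue
        if port != 25 or src_ip not in lan or src_ip in mail_servers:
            continue
        if dst_ip in lan:
            continue  # a client handing mail to the internal server is expected
        attempts[src_ip] += 1
        dests[src_ip].add(dst_ip)
    # Rank by distinct remote servers contacted: spam bots fan out widely.
    ranked = sorted(attempts, key=lambda ip: (-len(dests[ip]), -attempts[ip], str(ip)))
    return {str(ip): (attempts[ip], len(dests[ip])) for ip in ranked}

if __name__ == "__main__":
    for host, (n, d) in rogue_smtp_senders(SAMPLE_LOG).items():
        print(f"{host}: {n} outbound SMTP attempts to {d} distinct servers")
```

A host that legitimately sends through an outside provider on port 25, like the Comcast account mentioned above, will also appear in this list and has to be added to `MAIL_SERVERS` once it is confirmed clean.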
