LCNW asked:
SMTP Port Control

Hello,

Can someone recommend the best way to ensure that only our email server's IP is allowed to send outgoing SMTP? I have a Firebox x7503 running XTM 11.1 and all Windows XP/7 clients. Also, is there a recommended way to scan for port 25 activity on the entire network?

Thanks.
ASKER CERTIFIED SOLUTION
puterg33k:

Here is an article on how to block outgoing traffic on a Watchguard firewall.
http://watchguard.custhelp.com/app/answers/detail/a_id/1886/kw/block%20outgoing%20smtp 

Also, don't forget to create an outgoing policy for SMTP traffic from your email server. Here is an article on how to set up an SMTP rule. Just make sure in step 4 you set up the outgoing tab.

http://watchguard.custhelp.com/app/answers/detail/a_id/1750/kw/block%20outgoing%20smtp

I'm not 100% on how the WatchGuard firewall works, but you should always make sure to set up the allow policies first in the list, as most firewalls process the rules in order and a deny always overrides an allow if it comes first in the list.
LCNW (asker):

I have an incoming and outgoing SMTP proxy rule in place already, so I guess I'm good there. How can I scan the internal network and check for relays? Zenmap?
Try SuperScan: http://www.foundstone.com/us/resources/termsofuse.asp?file=superscan4.zip

Just put your internal IP range in the first screen and run it. This will show you what ports are open on your machines. You can fine-tune the discovery on the second screen to only TCP port 25 if you are only looking for mail servers.

Just remember it is possible for a workstation to have the Windows Firewall turned on, which may block this scan, but it will give you a good idea of what is going on on your network.

Also take a look at the logs on your firewall; it may log all of the blocked outgoing traffic.
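Following up on the suggestion to check the firewall logs, here is an added example (not from this thread and not WatchGuard's own tooling) that flags internal hosts other than the mail server attempting outbound TCP/25, whether the firewall allowed or denied the connection. It assumes a constructed, simplified key=value log format, a mail server at 192.168.1.10 and a LAN of 192.168.1.0/24; a real XTM log would need its own regular expression.

```python
"""Find internal hosts sending SMTP directly instead of through the mail server.

Added example. The log lines below are constructed in a simplified format,
not the real WatchGuard XTM log format; adapt LINE_RE for real logs.
"""
import ipaddress
import re
from collections import Counter

MAIL_SERVER = ipaddress.ip_address("192.168.1.10")      # assumed mail server
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")   # assumed LAN range

# Constructed sample log: one connection record per line.
SAMPLE_LOG = """\
2010-03-01 09:12:01 Allow src=192.168.1.10 dst=64.233.160.27 proto=tcp dport=25
2010-03-01 09:12:05 Deny src=192.168.1.55 dst=198.51.100.4 proto=tcp dport=25
2010-03-01 09:12:06 Deny src=192.168.1.55 dst=198.51.100.5 proto=tcp dport=25
2010-03-01 09:12:07 Allow src=192.168.1.77 dst=203.0.113.9 proto=tcp dport=443
2010-03-01 09:12:09 Allow src=192.168.1.23 dst=203.0.113.25 proto=tcp dport=25
2010-03-01 09:12:10 Deny src=10.0.0.9 dst=203.0.113.25 proto=tcp dport=25
"""

# Only TCP connections to destination port 25 are of interest.
LINE_RE = re.compile(
    r"(?P<action>Allow|Deny)\s+src=(?P<src>\S+)\s+dst=\S+\s+proto=tcp\s+dport=25\b"
)


def unauthorized_smtp(log_text, mail_server=MAIL_SERVER, internal_net=INTERNAL_NET):
    """Return {src_ip: Counter({"Allow": n, "Deny": n})} for internal hosts,
    other than the mail server, that attempted outbound TCP/25.
    Denied hits point at a host to inspect; allowed hits mean the policy has a gap."""
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a port-25 connection record
        src = ipaddress.ip_address(m["src"])
        if src == mail_server or src not in internal_net:
            continue  # the mail server itself, or traffic from outside the LAN
        findings.setdefault(str(src), Counter())[m["action"]] += 1
    return findings


def policy_gaps(findings):
    """Hosts whose direct SMTP the firewall allowed: the rule set is too permissive."""
    return sorted(ip for ip, counts in findings.items() if counts["Allow"])


if __name__ == "__main__":
    result = unauthorized_smtp(SAMPLE_LOG)
    for ip, counts in sorted(result.items()):
        print(f"{ip}: allowed={counts['Allow']} denied={counts['Deny']}")
    print("policy gaps:", policy_gaps(result))
```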
LCNW (asker):

I used Nmap to scan for port 25 to check my clients. Thanks for the help.