SMTP Port Control

Hello,

Can someone recommend the best way to ensure that only our email server IP can allow SMTP outgoing? I have a firebox x7503 running XTM 11.1 and all Windows XP/7 clients. Also, is there a way to scan for port 25 activity on the enitre network that could be recommended?

Thanks.
LVL 1
LCNWAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

puterg33kCommented:
Block port 25 at the firewall from everything except you mail server.  Depending on what type of firewall you have you can log any blocked traffic from this rule and will be able to see what other hosts are trying to relay mail

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
puterg33kCommented:
Here is an article on how to block outgoing traffic on a Watchguard firewall.
http://watchguard.custhelp.com/app/answers/detail/a_id/1886/kw/block%20outgoing%20smtp 

Also don't for get to create an outgoing policy for SMTp traffic from your email server.  Here is an article for how to setup an SMTP rule.  Just make sure in step 4 you setup the outgoing tab.

http://watchguard.custhelp.com/app/answers/detail/a_id/1750/kw/block%20outgoing%20smtp 


I'm not 100% on how the watchguard firewall work but you should always make sure to setup the allow policies first in the list as most firewall process the rules in order and a deny always overrides an allow if it comes first in the list
LCNWAuthor Commented:
I have an incoming and outgoing SMTP proxy rule in place already, so I guess I'm good there. How can I scan the interanl network and check for relays? Zenmap?
puterg33kCommented:
Try SuperScan http://www.foundstone.com/us/resources/termsofuse.asp?file=superscan4.zip 

Just put your internal IP range in the first screen and run it.  This will show you what ports are open on your machines.  You can fine tune the discovery on the second screen to only TCP port 25 if you are  only looking for mail servers.  

Just remember it is possible for a workstation to have the windows firewall turned on that may block this scan but it will give you a good idea of what is going on on your network.

Also take a look at the logs on your firewall it may log all of the blocked outgoing traffic
LCNWAuthor Commented:
I used NMap to scan for port 25 to check my clients. Thanks for the help.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
AntiSpam

From novice to tech pro — start learning today.