Stop Outgoing SMTP Traffic on Firebox Edge x10e

Hello Experts,

After a blacklisting I have configured my Watchguard to only allow outbound port 25 from the Exchange server. I have tested this from a client PC using telnet but am still allowed to connect to a remote email server. Am I going wrong with the configuration of the firewall or the testing (i.e. would telnet still show port 23?)? On the Watchguard I configured SMTP (outgoing) by removing ANY and putting in the internet IP of the server.

Thanks

Centechs
CenTechs asked:

kentern commented:
Are you running 10.x or 11.x on your X10e?

Are you sure there isn't a rule saying allow smtp or "any" traffic from any-internal to any-external before your deny rule? When you did your telnet, did you type telnet <destination :25 ? Otherwise it defaults to port 23 which seems to be open at your side.

kentern commented:
Formatting error in previous message, should be:

telnet destination 25

to connect at port 25
CenTechs (author) commented:
Hi guys,

Kentern - not sure of the OS level; there is an enable all by any rule, but I wasn't completely sure of the priority order on a Watchguard, so presumably this is the problem. Can I check a breakdown of rules in their order somehow on the device (i.e. like ISA or Fortigate stuff)? I take it this Outgoing - Allowed - by Any will take precedence over all other rules?

I am using telnet correctly, as long as full "emulation" happens at the application layer in the eye of a firewall, as I suspect it would do if I checked the logs.

Thanks

Centechs
CenTechs (author) commented:
Removed the allow all and replaced it with entries for each required protocol.

thanks!
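To make the rule-ordering point concrete, here is an added example (not code from the thread or from WatchGuard) that models outbound policy as a simplified first-match list and shows why a blanket "Outgoing allow any" policy placed ahead of the server-only SMTP policy lets a client PC reach port 25, and why replacing it with one policy per required protocol closes that hole. The addresses, rule names and the first-match evaluation model are assumptions for illustration; a real Firebox also applies its own precedence rules, so treat this as a reasoning aid, not a simulation of the device.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Rule:
    name: str
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR notation
    dport: Optional[int]   # destination port, None means any port


def first_match(rules: List[Rule], src_ip: str, dport: int) -> Tuple[str, str]:
    """Return (rule name, action) of the first rule matching the flow.

    Anything no rule allows falls through to the firewall's implicit deny.
    """
    ip = ip_address(src_ip)
    for r in rules:
        if ip in ip_network(r.src) and (r.dport is None or r.dport == dport):
            return r.name, r.action
    return "implicit-deny", "deny"


def shadowed(rules: List[Rule]) -> List[str]:
    """Names of rules that can never match because an earlier, broader rule wins first."""
    result = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if (ip_network(later.src).subnet_of(ip_network(earlier.src))
                    and (earlier.dport is None or earlier.dport == later.dport)):
                result.append(later.name)
                break
    return result


# Constructed addresses (documentation range): the Exchange server and a client PC.
EXCHANGE = "192.0.2.10"
CLIENT = "192.0.2.50"

# As originally configured: the "allow any" policy sits ahead of the SMTP policy.
BROKEN = [
    Rule("Outgoing", "allow", "192.0.2.0/24", None),
    Rule("SMTP-out", "allow", "192.0.2.10/32", 25),
]

# After the fix: the blanket allow is gone, one policy per protocol the LAN needs.
FIXED = [
    Rule("SMTP-out", "allow", "192.0.2.10/32", 25),
    Rule("DNS-out", "allow", "192.0.2.0/24", 53),
    Rule("HTTP-out", "allow", "192.0.2.0/24", 80),
    Rule("HTTPS-out", "allow", "192.0.2.0/24", 443),
]
```

`shadowed(BROKEN)` reports `SMTP-out` as unreachable, which is exactly the symptom seen in the thread: the client's telnet to port 25 is matched by "Outgoing" before the SMTP restriction is ever consulted.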