• Status: Solved

How to log SMTP traffic on a Sonicwall TZ200

The external IP address for a client of ours has been added to several email RBLs.  The client runs a mailserver for sending out legitimate email->SMS traffic and the RBLs are getting them blocked.  I suspect that one or more PCs on the network is infected and sending out mail traffic of its own.

Is there a way for me to log outgoing SMTP traffic on a per-IP basis using their Sonicwall TZ200?  It's running "SonicOS Enhanced 5.6.0.10-52o"
0
Asked by: lesssolutions

2 Solutions
 
strivoli Commented:
The rule allowing SMTP should have an option to log traffic (usually, by default, logging is not set). Modify the rule in order to log traffic. Set the Sonicwall to send logs to a Syslog Daemon (might be a Linux or a win box). Inspect the logs using a viewer from the Linux or win box.
0
 
Syed_M_Usman Commented:
Dear,

In a mail server environment you have to protect your SMTP traffic by allowing "ONLY" the mail server... you need to create two rules, allowing SMTP traffic only for the email server and denying all SMTP traffic for other hosts... this will prevent any other fake or infected host from sending SMTP traffic outside...

Log on to SNA > Network > Address Objects > Add >
Name: O_Exchange
Zone Assignment: LAN
Type: HOST
IP Address: YOUR EXCHANGE IP, ok

Go to Firewall > Access Rules (LAN > WAN) > Add
Action: DENY
Service: SMTP (Send email)
Source: ANY
Destination: Any
Users Allowed: All, ok
The above rule will prevent any fake user/email server from sending email outside.

Go to Firewall > Access Rules (LAN > WAN) > Add
Action: Allow
Service: SMTP (Send email)
Source: O_Exchange
Destination: Any
Users Allowed: All, ok
0
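
Added example, not part of either comment above: once the SMTP rule logs to a syslog daemon, a short script can count outbound port-25 connections per internal IP and list every source that is not the mail server. The key=value line layout, the sample lines (constructed) and the `MAIL_SERVER` address are assumptions; adjust them to what the TZ200 actually writes.

```python
import re
from collections import Counter

# Assumption: internal address of the only host that should send mail.
MAIL_SERVER = "192.168.1.10"

# Constructed sample lines; real ones come from the syslog daemon's file.
SAMPLE_LOG = """\
<134>id=firewall time="2012-03-01 10:15:02" pri=6 msg="Connection Opened" src=192.168.1.10:41022:X0 dst=198.51.100.7:25:X1 proto=tcp/smtp
<134>id=firewall time="2012-03-01 10:15:04" pri=6 msg="Connection Opened" src=192.168.1.57:1190:X0 dst=198.51.100.20:25:X1 proto=tcp/smtp
<134>id=firewall time="2012-03-01 10:15:05" pri=6 msg="Connection Opened" src=192.168.1.57:1191:X0 dst=198.51.100.33:25:X1 proto=tcp/smtp
<134>id=firewall time="2012-03-01 10:15:06" pri=6 msg="Connection Closed" src=192.168.1.57:1190:X0 dst=198.51.100.20:25:X1 proto=tcp/smtp
<134>id=firewall time="2012-03-01 10:15:07" pri=6 msg="Connection Opened" src=192.168.1.23:50211:X0 dst=198.51.100.80:443:X1 proto=tcp/https
<134>id=firewall time="2012-03-01 10:15:09" pri=6 msg="Connection Opened" src=192.168.1.57:1192:X0 dst=198.51.100.41:25:X1 proto=tcp/smtp
<134>id=firewall time="2012-03-01 10:15:11" pri=6 msg="Connection Opened" src=192.168.1.10:41030:X0 dst=198.51.100.9:25:X1 proto=tcp/smtp
"""

# key=value pairs; values are either quoted strings or runs of non-space.
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Return the key=value fields of one syslog line as a dict."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def smtp_sources(lines):
    """Count opened TCP connections to port 25 per source IP (IPv4)."""
    counts = Counter()
    for line in lines:
        f = parse_line(line)
        # Count each connection once: skip "Closed" and other events.
        if f.get("msg") != "Connection Opened":
            continue
        src = f.get("src", "").split(":")   # ip:port:interface
        dst = f.get("dst", "").split(":")
        if len(dst) < 2 or dst[1] != "25" or not src[0]:
            continue
        if not f.get("proto", "").startswith("tcp"):
            continue
        counts[src[0]] += 1
    return counts

def suspects(counts, mail_server=MAIL_SERVER):
    """Sources sending SMTP that are not the authorised mail server."""
    return {ip: n for ip, n in counts.items() if ip != mail_server}

if __name__ == "__main__":
    for ip, n in sorted(suspects(smtp_sources(SAMPLE_LOG.splitlines())).items()):
        print(f"{ip} opened {n} outbound SMTP connection(s)")
```

After the deny rule is in place, the same count run over dropped-connection log entries shows which hosts are still attempting to send.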