Solved

Sonicwall 240 Capture port 25 traffic

Posted on 2013-06-24
7
1,051 Views
Last Modified: 2013-06-24
Hello All,

We were recently flagged on spamhaus and barracuda for our IP as a bot/spam.  I have ran a scan on all 15 machines in the office and removed the threat.  We are using a Sonicwall 240 firewall and I would like to know if anyone could guide me in the direction to setup a scan log on port 25 so that I may continue to monitor the traffic on this port to see if there is still a workstation that is infected.
0
Comment
Question by:Coupee46
  • 4
  • 3
7 Comments
 
LVL 20

Expert Comment

by:carlmd
ID: 39272695
Do you send mail directly via your isp, or do you have an exchange server or similar on your lan?
0
 
LVL 1

Author Comment

by:Coupee46
ID: 39272811
Hi Carl,

It is going through an exchange server 2007.
0
 
LVL 20

Expert Comment

by:carlmd
ID: 39272872
You need to set up a rule on the Sonicwall that will only accept smtp traffic from the ip address of the Sonicwall, and block it from all other systems. If a pc is infected, it will at sometime send spam to the default gateway, which is most likely your Sonicwall.

If you do this it should end your problem if it is caused by an infected pc.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:Coupee46
ID: 39272938
Carl,

Did you mean to accept SMTP traffic from the IP address of the Exchange server?
0
 
LVL 20

Accepted Solution

by:
carlmd earned 500 total points
ID: 39273049
Yes, all your pc's should normalyl send mail to the exchange server only, and it sends it out to the world. If you stop the Sonicwall from accepting outgoing mail from everywhere but the exchange server, then you stop all other unwanted outgoing mail.

So the rule only accepts smtp from the ip address of the exchange server. You also need to add a rule to block port 25 for all other ip addresses.
0
 
LVL 1

Author Comment

by:Coupee46
ID: 39273071
Great, thank you.. I will do that now.  That makes sense!
0
 
LVL 1

Author Closing Comment

by:Coupee46
ID: 39273073
thank you again!
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question