  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1082

Sonicwall 240 Capture port 25 traffic

Hello All,

We were recently flagged on Spamhaus and Barracuda for our IP as a bot/spam.  I have run a scan on all 15 machines in the office and removed the threat.  We are using a Sonicwall 240 firewall and I would like to know if anyone could guide me in the direction to set up a scan log on port 25 so that I may continue to monitor the traffic on this port to see if there is still a workstation that is infected.
0
Coupee46 Asked:
1 Solution
 
carlmd Commented:
Do you send mail directly via your ISP, or do you have an Exchange server or similar on your LAN?
0
 
Coupee46 Author Commented:
Hi Carl,

It is going through an Exchange Server 2007.
0
 
carlmd Commented:
You need to set up a rule on the Sonicwall that will only accept SMTP traffic from the IP address of the Sonicwall, and block it from all other systems. If a PC is infected, it will at some time send spam to the default gateway, which is most likely your Sonicwall.

If you do this it should end your problem if it is caused by an infected PC.
0
 
Coupee46 Author Commented:
Carl,

Did you mean to accept SMTP traffic from the IP address of the Exchange server?
0
 
carlmd Commented:
Yes, all your PCs should normally send mail to the Exchange server only, and it sends it out to the world. If you stop the Sonicwall from accepting outgoing mail from everywhere but the Exchange server, then you stop all other unwanted outgoing mail.

So the rule only accepts SMTP from the IP address of the Exchange server. You also need to add a rule to block port 25 for all other IP addresses.
0
 
Coupee46 Author Commented:
Great, thank you. I will do that now.  That makes sense!
0
 
Coupee46 Author Commented:
Thank you again!
0
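
An added example, not part of the original thread, of the monitoring the asker wanted: it scans firewall log lines for LAN hosts other than the Exchange server that attempt outbound TCP port 25 directly. The log layout, field names and IP addresses are constructed assumptions; adapt the parsing to whatever your Sonicwall actually exports.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (not from the thread): addresses, field names and log layout.
MAIL_SERVER = ipaddress.ip_address("192.168.1.10")  # hypothetical Exchange server
LAN = ipaddress.ip_network("192.168.1.0/24")        # hypothetical office LAN

# Constructed sample lines in a generic key=value layout.
SAMPLE_LOG = """\
time="2024-01-05 09:00:01" action=allow src=192.168.1.10:50211 dst=203.0.113.25:25 proto=tcp
time="2024-01-05 09:00:07" action=drop src=192.168.1.23:49822 dst=198.51.100.7:25 proto=tcp
time="2024-01-05 09:00:08" action=drop src=192.168.1.23:49823 dst=198.51.100.9:25 proto=tcp
time="2024-01-05 09:01:15" action=allow src=192.168.1.31:51000 dst=203.0.113.80:443 proto=tcp
time="2024-01-05 09:02:40" action=drop src=192.168.1.44:50110 dst=192.0.2.12:25 proto=tcp
time="2024-01-05 09:03:02" action=allow src=192.168.1.23:49900 dst=192.168.1.10:25 proto=tcp
garbled line without fields
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def split_endpoint(value):
    """Split 'ip:port' into (ip_address, int port); raises ValueError if malformed."""
    host, _, port = value.rpartition(":")
    return ipaddress.ip_address(host), int(port)


def suspect_hosts(log_text):
    """Count direct-to-Internet TCP/25 attempts per LAN host other than the mail server."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        try:
            src, _ = split_endpoint(fields["src"])
            dst, dport = split_endpoint(fields["dst"])
        except (KeyError, ValueError):
            continue  # skip lines that are malformed or lack src/dst
        if dport != 25 or fields.get("proto") != "tcp":
            continue
        # Workstations relaying through the Exchange server (dst inside the LAN) are normal.
        if src in LAN and src != MAIL_SERVER and dst not in LAN:
            hits[str(src)] += 1
    return hits


if __name__ == "__main__":
    for host, count in suspect_hosts(SAMPLE_LOG).most_common():
        print(f"{host}: {count} direct SMTP attempt(s), check this workstation")
```

Hosts that keep appearing after the block rule is in place are the workstations to re-scan.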
