Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Sonicwall 240 Capture port 25 traffic

Posted on 2013-06-24
7
Medium Priority
?
1,075 Views
Last Modified: 2013-06-24
Hello All,

We were recently flagged on spamhaus and barracuda for our IP as a bot/spam.  I have ran a scan on all 15 machines in the office and removed the threat.  We are using a Sonicwall 240 firewall and I would like to know if anyone could guide me in the direction to setup a scan log on port 25 so that I may continue to monitor the traffic on this port to see if there is still a workstation that is infected.
0
Comment
Question by:Coupee46
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 20

Expert Comment

by:carlmd
ID: 39272695
Do you send mail directly via your isp, or do you have an exchange server or similar on your lan?
0
 
LVL 1

Author Comment

by:Coupee46
ID: 39272811
Hi Carl,

It is going through an exchange server 2007.
0
 
LVL 20

Expert Comment

by:carlmd
ID: 39272872
You need to set up a rule on the Sonicwall that will only accept smtp traffic from the ip address of the Sonicwall, and block it from all other systems. If a pc is infected, it will at sometime send spam to the default gateway, which is most likely your Sonicwall.

If you do this it should end your problem if it is caused by an infected pc.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 1

Author Comment

by:Coupee46
ID: 39272938
Carl,

Did you mean to accept SMTP traffic from the IP address of the Exchange server?
0
 
LVL 20

Accepted Solution

by:
carlmd earned 2000 total points
ID: 39273049
Yes, all your pc's should normalyl send mail to the exchange server only, and it sends it out to the world. If you stop the Sonicwall from accepting outgoing mail from everywhere but the exchange server, then you stop all other unwanted outgoing mail.

So the rule only accepts smtp from the ip address of the exchange server. You also need to add a rule to block port 25 for all other ip addresses.
0
 
LVL 1

Author Comment

by:Coupee46
ID: 39273071
Great, thank you.. I will do that now.  That makes sense!
0
 
LVL 1

Author Closing Comment

by:Coupee46
ID: 39273073
thank you again!
0

Featured Post

Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question