• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1089
  • Last Modified:

Sonicwall 240 Capture port 25 traffic

Hello All,

We were recently flagged on spamhaus and barracuda for our IP as a bot/spam.  I have ran a scan on all 15 machines in the office and removed the threat.  We are using a Sonicwall 240 firewall and I would like to know if anyone could guide me in the direction to setup a scan log on port 25 so that I may continue to monitor the traffic on this port to see if there is still a workstation that is infected.
0
Coupee46
Asked:
Coupee46
  • 4
  • 3
1 Solution
 
carlmdCommented:
Do you send mail directly via your isp, or do you have an exchange server or similar on your lan?
0
 
Coupee46Author Commented:
Hi Carl,

It is going through an exchange server 2007.
0
 
carlmdCommented:
You need to set up a rule on the Sonicwall that will only accept smtp traffic from the ip address of the Sonicwall, and block it from all other systems. If a pc is infected, it will at sometime send spam to the default gateway, which is most likely your Sonicwall.

If you do this it should end your problem if it is caused by an infected pc.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
Coupee46Author Commented:
Carl,

Did you mean to accept SMTP traffic from the IP address of the Exchange server?
0
 
carlmdCommented:
Yes, all your pc's should normalyl send mail to the exchange server only, and it sends it out to the world. If you stop the Sonicwall from accepting outgoing mail from everywhere but the exchange server, then you stop all other unwanted outgoing mail.

So the rule only accepts smtp from the ip address of the exchange server. You also need to add a rule to block port 25 for all other ip addresses.
0
 
Coupee46Author Commented:
Great, thank you.. I will do that now.  That makes sense!
0
 
Coupee46Author Commented:
thank you again!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now