Solved

Sonicwall 240 Capture port 25 traffic

Posted on 2013-06-24
7
1,037 Views
Last Modified: 2013-06-24
Hello All,

We were recently flagged on spamhaus and barracuda for our IP as a bot/spam.  I have ran a scan on all 15 machines in the office and removed the threat.  We are using a Sonicwall 240 firewall and I would like to know if anyone could guide me in the direction to setup a scan log on port 25 so that I may continue to monitor the traffic on this port to see if there is still a workstation that is infected.
0
Comment
Question by:Coupee46
  • 4
  • 3
7 Comments
 
LVL 20

Expert Comment

by:carlmd
ID: 39272695
Do you send mail directly via your isp, or do you have an exchange server or similar on your lan?
0
 
LVL 1

Author Comment

by:Coupee46
ID: 39272811
Hi Carl,

It is going through an exchange server 2007.
0
 
LVL 20

Expert Comment

by:carlmd
ID: 39272872
You need to set up a rule on the Sonicwall that will only accept smtp traffic from the ip address of the Sonicwall, and block it from all other systems. If a pc is infected, it will at sometime send spam to the default gateway, which is most likely your Sonicwall.

If you do this it should end your problem if it is caused by an infected pc.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 1

Author Comment

by:Coupee46
ID: 39272938
Carl,

Did you mean to accept SMTP traffic from the IP address of the Exchange server?
0
 
LVL 20

Accepted Solution

by:
carlmd earned 500 total points
ID: 39273049
Yes, all your pc's should normalyl send mail to the exchange server only, and it sends it out to the world. If you stop the Sonicwall from accepting outgoing mail from everywhere but the exchange server, then you stop all other unwanted outgoing mail.

So the rule only accepts smtp from the ip address of the exchange server. You also need to add a rule to block port 25 for all other ip addresses.
0
 
LVL 1

Author Comment

by:Coupee46
ID: 39273071
Great, thank you.. I will do that now.  That makes sense!
0
 
LVL 1

Author Closing Comment

by:Coupee46
ID: 39273073
thank you again!
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now