Juniper Netscreen SSG20

We have a Juniper Netscreen SSG20 and have been blacklisted at Spamhaus. The Exchange queues are clear. How do I, on the Netscreen, look at the outgoing connections on port 25?

Sanga Collins (Systems Admin) Commented:
If you create a policy from trust to untrust with the source IP as your email server, the protocol as SMTP and the destination as "all", you can enable logging on this policy to keep track of all outbound SMTP connections on port 25.
techies123 (Author) Commented:
Thanks, but I am looking for malware. So traffic not from the server.
Sanga Collins (Systems Admin) Commented:
Ok so instead of using the mail server as the source IP address in the policy you can use "Any" instead. Immediately below this policy, create a new one with the exact same settings, except choose Deny for the action on the traffic. This way all SMTP outbound traffic will be captured and logged in one or the other policy.


techies123 (Author) Commented:
Thanks for that. I set up a mirror port on the switch to mirror the Juniper port, then plugged a laptop into that port and set up Wireshark with an SMTP filter. Currently only seeing Exchange server traffic. I suspect it is a contractor using the client's WiFi! We will find them.
Sanga Collins (Systems Admin) Commented:
Ohhh the pursuit of wifi bandits!!! LOLOL I play this game with my clients as well. It can be fun and frustrating at the same time. Good Luck!
You could set up ffilters in the firewall that capture only traffic on port 25. From the CLI use the following commands.

To clear previous captures:
clear db

To create the ffilter:
set ff dst-port 25

To check ffilter:
get ff

To start the capture:
debug flow basic

To stop the capture:
undebug all

To see the results of the capture:
get db str
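
An added example, not part of the thread: one way to triage the mirror-port capture described above is to export the port-25 packets with tshark and count new outbound connections per internal host that is not the approved mail server. The internal range, the mail server address and the sample rows are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Hypothetical values: the site's internal range and its one approved SMTP sender.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
ALLOWED_SENDERS = {ipaddress.ip_address("192.168.1.10")}

# Constructed sample of tab-separated output from:
#   tshark -r capture.pcap -Y "tcp.dstport == 25" -T fields \
#          -e ip.src -e ip.dst -e tcp.flags.syn -e tcp.flags.ack
SAMPLE = (
    "192.168.1.10\t203.0.113.5\t1\t0\n"        # Exchange server, approved
    "192.168.1.57\t198.51.100.20\t1\t0\n"      # workstation opening SMTP directly
    "192.168.1.57\t198.51.100.21\t1\t0\n"
    "192.168.1.57\t198.51.100.20\t0\t1\n"      # later packet of a session, not a new one
    "192.168.1.57\t198.51.100.22\tTrue\tFalse\n"  # newer tshark prints booleans as words
    "192.168.1.88\t192.168.1.10\t1\t0\n"       # client relaying through Exchange
    "192.168.1.91\t203.0.113.9\t1\t0\n"
    "\n"                                        # blank line from the export
)

def _flag(value):
    """tshark prints flag bits as 1/0 or True/False depending on version."""
    return value.strip().lower() in ("1", "true")

def unexpected_smtp_sources(text, internal=INTERNAL_NET, allowed=ALLOWED_SENDERS):
    """Return (host, new_connection_count) for internal hosts other than the
    approved senders that opened port-25 connections to external addresses."""
    counts = Counter()
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) < 4:
            continue
        try:
            src = ipaddress.ip_address(fields[0])
            dst = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # empty or multi-valued address field
        if not _flag(fields[2]) or _flag(fields[3]):
            continue  # count only the initial SYN of each connection
        if src in internal and dst not in internal and src not in allowed:
            counts[str(src)] += 1
    return counts.most_common()

if __name__ == "__main__":
    for host, n in unexpected_smtp_sources(SAMPLE):
        print(f"{host}: {n} new outbound SMTP connections")
```

Hosts reported here are the ones to match against DHCP leases or switch port tables; traffic to the mail server itself is skipped because it stays inside the internal range.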