Juniper Netscreen SSG20

We have a Juniper Netscreen SSG20 and have been blacklisted at Spamhaus. The Exchange queues are clear. How do I look at the outgoing connections on port 25 on the Netscreen?
Sanga Collins (Systems Admin) commented:
Ok so instead of using the mail server as the source IP address in the policy you can use "Any" instead. Immediately below this policy, create a new one with the exact same settings, except choose Deny for the action on the traffic. This way all SMTP outbound traffic will be captured and logged in one or the other policy.
Sanga Collins (Systems Admin) commented:
If you create a policy from trust to untrust with the source IP as your email server, the protocol as SMTP and the destination as "all", you can enable logging on this policy to keep track of all outbound SMTP connections on port 25.
techies123 (Author) commented:
Thanks, but I am looking for malware, so traffic not from the server.
techies123 (Author) commented:
Thanks for that. I set up a mirror port on the switch to mirror the Juniper port, then plugged a laptop into that port and set up Wireshark with an SMTP filter. Currently only seeing Exchange server traffic. I suspect it is a contractor using the client's WiFi! We will find them.
Sanga Collins (Systems Admin) commented:
Ohhh the pursuit of wifi bandits!!! LOLOL I play this game with my clients as well. It can be fun and frustrating at the same time. Good Luck!
You could set up ffilters in the firewall that capture only traffic on port 25. From the CLI use the following commands.

To clear previous captures:
clear db

To create the ffilter:
set ff dst-port 25

To check ffilter:
get ff

To start the capture:
debug flow basic

To stop the capture:
undebug all

To see the results of the capture:
get db str
Question has a verified solution.
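
The `get db str` output from the ffilter capture above is verbose, so the following added example (not code from the thread or from Juniper) reduces it to a list of internal hosts sending to port 25 other than the mail server. It assumes each captured packet includes a flow-tuple line of the form `<ifname>:<src>/<sport>-><dst>/<dport>,<proto><vsys>`; the function name `smtp_talkers`, the sample text and all addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed flow-tuple line: <ifname>:<src>/<sport>-><dst>/<dport>,<ip-proto><vsys>
FLOW = re.compile(
    r"\S+:(?P<src>[\d.]+)/\d+->(?P<dst>[\d.]+)/(?P<dport>\d+),(?P<proto>\d+)"
)

# Constructed sample (private and documentation addresses), not a real capture.
SAMPLE = """\
****** 4217.0: <Trust/bgroup0> packet received [60]******
  ipid = 1201(04b1), @03c1a2b0
  bgroup0:192.168.1.10/49211->203.0.113.25/25,6<Root>
****** 4218.0: <Trust/bgroup0> packet received [60]******
  bgroup0:192.168.1.57/50122->203.0.113.25/25,6<Root>
****** 4219.0: <Trust/bgroup0> packet received [60]******
  bgroup0:192.168.1.57/50123->198.51.100.7/25,6<Root>
****** 4220.0: <Trust/bgroup0> packet received [60]******
  bgroup0:192.168.1.57/50124->198.51.100.7/587,6<Root>
"""


def smtp_talkers(dbuf_text, allowed_senders=(), port=25):
    """Summarise TCP flows to `port` per source IP, skipping allowed senders."""
    dsts = defaultdict(set)
    packets = defaultdict(int)
    for line in dbuf_text.splitlines():
        m = FLOW.search(line)
        # Keep only TCP (IP protocol 6) packets aimed at the SMTP port.
        if not m or m["proto"] != "6" or int(m["dport"]) != port:
            continue
        # The mail server is expected to send on port 25; everything else is suspect.
        if m["src"] in allowed_senders:
            continue
        packets[m["src"]] += 1
        dsts[m["src"]].add(m["dst"])
    return {s: {"packets": packets[s], "dsts": sorted(dsts[s])} for s in packets}


if __name__ == "__main__":
    for src, info in smtp_talkers(SAMPLE, {"192.168.1.10"}).items():
        print(src, info["packets"], "packets to", ", ".join(info["dsts"]))
```

A workstation that reaches many distinct external destinations on port 25 in a short capture is the host to pull off the network and examine first.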