Stop External IP address relaying through Exchange on our Watchguard Firewall
We've just found out our 2011 SBS Server has been sending out spam emails by their thousands. I've checked that there is no open relay in Exchange 2010 (and there isn't) and turned off all PC's on the network but the spam emails keep coming so pretty sure they are coming from the server. Have virus scanned the server and it seems clean. I've found that all the spam emails are all coming from the same external IP address.
The network is protected by a Watchguard XTM25 firewall. My question is can someone please talk a newcomer to Watchguards how to set up a way of blocking these emails coming in from that IP address on port 25?
Please can you clarify. You say:
The first part implies the spam is being generated on your SBS2011, which will be an internal IP address, but the second part implies that the spam is being generated from some external IP address (not your SBS2011).
Please can you help me reconcile the two statements so we know what to look at?