Stop External IP address relaying through Exchange on our Watchguard Firewall
Hi,
We've just found out our 2011 SBS Server has been sending out spam emails by their thousands. I've checked that there is no open relay in Exchange 2010 (and there isn't) and turned off all PCs on the network but the spam emails keep coming so pretty sure they are coming from the server. Have virus scanned the server and it seems clean. I've found that all the spam emails are all coming from the same external IP address.
The network is protected by a Watchguard XTM25 firewall. My question is can someone please talk a newcomer to Watchguards through how to set up a way of blocking these emails coming in from that IP address on port 25?
Many thanks
Adam
Hardware Firewalls, Exchange, SBS, Networking, SMTP
Last Comment
Alan
8/22/2022 - Mon
Alan
Hi Adam,
Please can you clarify. You say:
We've just found out our 2011 SBS Server has been sending out spam emails by their thousands. I've checked that there is no open relay in Exchange 2010 (and there isn't) and turned off all PCs on the network but the spam emails keep coming so pretty sure they are coming from the server. Have virus scanned the server and it seems clean.
but also:
I've found that all the spam emails are all coming from the same external IP address.
The first part implies the spam is being generated on your SBS2011, which will be an internal IP address, but the second part implies that the spam is being generated from some external IP address (not your SBS2011).
Please can you help me reconcile the two statements so we know what to look at?
The spam emails are in the SMTP queue on the Exchange server, but when you open one from the queue it states that the source of the email was an external IP address, therefore the email is originating externally and going through the Exchange server I guess.
Masnrock and Mal, that's a good point, I think I should get everyone to change their password just in case.
Ronin, thanks for your response. Unfortunately the links you sent don't tell me how to achieve what I need to do, they just take me to the help search. All the results I've found using that earlier were rather vague and unhelpful unfortunately.
Alan
Hi Adam,
Does that mean that they are 'stuck' in the queue?
Are you able to post the details from an example item (put it in code tags or paste into a txt file and post that - whatever is easiest)?
Thanks,
Alan.