06-28-2013 01:02 PM
I suspect a client in our network may be infected with a virus that is sending spam through SMTP port 25. I need to block outgoing traffic on port 25 to all workstations besides my Exchange server. Can anyone help with this? We are using the Cisco RV042 router.
06-29-2013 11:58 PM
Hello Aaron,
You can block traffic on port 25 using access rules.
On the admin page for the RV042 go to Firewall >> Access Rules.
If you like you can block SMTP traffic from everyone on the network except your exchange server.
You would need 2 access rules to do this:
Add a new rule
Rule 1:
Action will be Allow
Service will be SMTP
Source interface will be LAN
Source IP will be your Exchange server's IP
Destination will be ANY
Rule 2:
Action will be Deny
Service: SMTP
Source interface: LAN
Source IP: range, enter your LAN's subnet, or just the range of people you want to block
Destination will be ANY
This will block SMTP traffic from anyone on your LAN except your Exchange server.
You can also just block the single user by setting a deny rule for SMTP, interface LAN, source IP the client PC, destination any.
As with any security changes, make sure you test a few e-mail clients and the Exchange server to make sure nothing breaks there, but these rules should accomplish what you are trying to do.
Thank you for choosing Cisco,
Christopher Ebert
----
Network Support Engineer - Cisco Small Business Support Center
02-07-2014 10:43 AM
I have a similar problem with a little different wrinkle. My client's email is handled through an ISP's mail server. The public IP address of the router (RV042) has been spamming and they are listed on various sites. I wasn't aware that even if your mail server is hosted by an ISP, spam coming from your "on site" IP and not even directed at the ISP's mail server can still result in your getting blacklisted. So my question is similar to the above, but goes like this.... Can all outbound port 25 traffic not directed at the ISP mail server be blocked? That is, can an access rule be set up that permits only port 25 traffic bound for the ISP mail server?
I hope there is a good answer to this because otherwise we will have to (I guess?) touch every machine on the network to see what is sending out spam.
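An added example, not part of any post in this thread and not Cisco's code: a small Python model for checking the two-rule SMTP policy from the reply above, and the destination-restricted variant asked about in the follow-up, against test flows before changing the router. It assumes that the first matching rule decides, that unmatched outbound traffic is allowed, and that a rule's destination can be a single IP; every address and name in it is constructed.

```python
import ipaddress

def _net(spec):
    return None if spec == "any" else ipaddress.ip_network(spec)

# Hypothetical model of an ordered access-rule list (not taken from RV042 docs).
def rule(action, src, dst="any", port=25):
    return {"action": action, "src": _net(src), "dst": _net(dst), "port": port}

def decide(rules, src_ip, dst_ip, port):
    """Assumed semantics: first matching rule wins, otherwise allow."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if r["port"] != port:
            continue
        if r["src"] is not None and src not in r["src"]:
            continue
        if r["dst"] is not None and dst not in r["dst"]:
            continue
        return r["action"]
    return "allow"  # assumed default for outbound LAN traffic

# Constructed addresses (RFC 1918 and RFC 5737 documentation ranges).
EXCHANGE = "192.168.1.10"
LAN = "192.168.1.0/24"
ISP_MAIL = "203.0.113.25"

# Policy from the reply: allow the Exchange server, then deny SMTP for the LAN.
exchange_only = [rule("allow", EXCHANGE + "/32"), rule("deny", LAN)]
# Same rules reversed: the LAN-wide deny now matches the Exchange server first.
misordered = list(reversed(exchange_only))
# Variant from the follow-up post: SMTP allowed only toward the ISP mail server.
isp_only = [rule("allow", LAN, ISP_MAIL + "/32"), rule("deny", LAN)]

def audit(rules):
    """Return the decision for each constructed test flow."""
    flows = {
        "exchange_smtp": (EXCHANGE, "198.51.100.7", 25),
        "workstation_smtp": ("192.168.1.50", "198.51.100.7", 25),
        "workstation_to_isp": ("192.168.1.50", ISP_MAIL, 25),
        "workstation_https": ("192.168.1.50", "198.51.100.7", 443),
    }
    return {name: decide(rules, *flow) for name, flow in flows.items()}

if __name__ == "__main__":
    for label, rs in [("exchange_only", exchange_only),
                      ("misordered", misordered), ("isp_only", isp_only)]:
        print(label, audit(rs))
```

The `misordered` case shows why the allow rule for the mail server has to be evaluated ahead of the LAN-wide deny under the first-match assumption.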