RV042 Port 25 restriction

aaron0002
Level 1

I suspect a client in our network may be infected with a virus that is sending spam through SMTP port 25. I need to block outgoing traffic on port 25 to all workstations besides my Exchange server. Can anyone help with this? We are using the Cisco RV042 Router.

2 Replies

chrebert
Level 4

Hello Aaron,

You can block traffic on port 25 using access rules.

On the admin page for the RV042 go to Firewall >> Access Rules.

If you like you can block SMTP traffic from everyone on the network except your exchange server.

You would need 2 access rules to do this:

Add a new rule

Rule 1:

Action will be Allow

Service will be SMTP

Source interface will be LAN

Source IP will be your Exchange server's IP

Destination will be ANY

Rule 2:

Action will be Deny

Service: SMTP

Source interface: LAN

Source IP: range, enter your LAN's subnet, or just the range of people you want to block

Destination will be ANY

This will block SMTP traffic from anyone on your LAN except your Exchange server.

You can also just block the single user by setting a deny rule for SMTP, interface LAN, source IP the client PC, Destination any.

As with any security changes, make sure you test a few e-mail clients and the Exchange server to make sure nothing breaks there, but these rules should accomplish what you are trying to do.

Thank you for choosing Cisco,

Christopher Ebert

----

Network Support Engineer - Cisco Small Business Support Center

I have a similar problem with a little different wrinkle. My client's email is handled through an ISP's mail server. The public IP address of the router (RV042) has been spamming and they are listed on various sites. I wasn't aware that even if your mail server is hosted by an ISP, spam coming from your "on site" IP and not even directed at the ISP's mail server can still result in your getting blacklisted. So my question is similar to the above, but goes like this... Can all outbound port 25 traffic not directed at the ISP mail server be blocked? That is, can an access rule be set up that permits only port 25 traffic bound for the ISP mail server?

I hope there is a good answer to this because otherwise we will have to (I guess?) touch every machine on the network to see what is sending out spam.
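
The two access rules from the first reply, and the destination-restricted variant asked about in the second post, modelled as an ordered rule list so the policy can be checked before it goes on the router. This is an added example, not part of the original thread and not Cisco code; the IP addresses are constructed, and first-match evaluation, the default allow for LAN traffic, and a single-IP Destination field are assumptions about how the RV042 applies access rules.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    source: str          # single IP, CIDR range, or "any"
    dest: str = "any"    # single IP, CIDR range, or "any"
    port: int = 25       # the SMTP service

def matches(spec, ip):
    """True if ip falls inside spec (an address, a CIDR block, or "any")."""
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def evaluate(rules, src, dst, port):
    """Return (action, index of the deciding rule); the first match wins (assumption)."""
    for i, rule in enumerate(rules):
        if rule.port == port and matches(rule.source, src) and matches(rule.dest, dst):
            return rule.action, i
    return "allow", None  # assumed default: outbound LAN traffic is permitted

# Constructed addresses (private and documentation ranges), not from the thread.
LAN, EXCHANGE, WORKSTATION = "192.168.1.0/24", "192.168.1.10", "192.168.1.57"
ISP_MAIL, OTHER_MX = "203.0.113.25", "198.51.100.7"

# Rule 1 and Rule 2 from the first reply, in the order given.
EXCHANGE_ONLY = [Rule("allow", EXCHANGE), Rule("deny", LAN)]
# Same rules in the wrong order: the broad deny shadows the Exchange exception.
REVERSED = [Rule("deny", LAN), Rule("allow", EXCHANGE)]
# Variant from the second post: SMTP allowed only toward the ISP mail server.
ISP_ONLY = [Rule("allow", LAN, dest=ISP_MAIL), Rule("deny", LAN)]

if __name__ == "__main__":
    checks = [
        ("exchange-only", EXCHANGE_ONLY, EXCHANGE, OTHER_MX),
        ("exchange-only", EXCHANGE_ONLY, WORKSTATION, OTHER_MX),
        ("reversed", REVERSED, EXCHANGE, OTHER_MX),
        ("isp-only", ISP_ONLY, WORKSTATION, ISP_MAIL),
        ("isp-only", ISP_ONLY, WORKSTATION, OTHER_MX),
    ]
    for name, rules, src, dst in checks:
        action, idx = evaluate(rules, src, dst, 25)
        print(f"{name:14} {src:>13} -> {dst:<13} tcp/25  {action} (rule {idx})")
```

The `REVERSED` case shows why the allow rule for the mail server has to sit above the LAN-wide deny.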