02-11-2014 12:11 PM
I am having issues with my public IP being black listed. This is something new, but the Comcast rep tells me they are seeing this more and more. It seems that even if you aren't hosting your own email server, even your public IP at your location is carried in the message header and is subject to being blacklisted. With that in mind, it looks as though I am going to have to start blocking port 25 for all outbound traffic with the exception of traffic bound for the hosted email server (SMTP) out on the Internet. Can this be done in the RVO42 and RVO82?
Looking forward to an answer to this and as I say, it sounds like this is something we all will have to start doing.
02-11-2014 12:27 PM
Kevin
Under Firewall-> Access Rules you can create a rule to block outbound traffic from your LAN to the WAN.
A better idea might be to run anti-malware/spam software on your computers to find out which one is sending SPAM. I had an issue like this several years ago and found that one of my PCs was sending thousands of SPAM emails per minute to random email addresses. I installed Norton Internet Security and it took care of it but it took a while.
- Marty
02-11-2014 04:27 PM
Most ISP's, the people that provide your internet connection, most likely already block port 25 unless the email is being routed through their SMTP server anyway. Plus there are other ports being used lik 465, 595, etc as alternate ports since ISP's tend to block 25. The problem is likely on the PC of valid recipients which has spyware, malware that's been downloaded on it that read the incoming email header and contact list data. Blocking port 25 on your router won't realistically accomplish anything.
02-11-2014 04:55 PM
viningele,
I agree, I would focus on the device that is sending the SPAM.
- Marty
02-17-2014 12:06 PM
It has been about a week and my customer is de-listed by all the spam sites I can find. I have changed the port that they use to send email to their mail server out on the Internet and have blocked port 25 for all outbound traffic. We also did scan all machines on the network and never found anything that seemed like the source of the spam. Nevertheless, one site I looked at reported the last instance of outbound spam on the same day that I blocked port 25. It would still be interesting to know if the RVOs can permit port 25 traffic to only one IP on the Internet. Oh, and for residential cable yes, I have seen where ISPs block port 25 but for commerical Internet as is the case here, they can't really do that or it would shut down mail servers at customer's location. It would also cause a problem if email were hosted on another provider out on the Internet as well.
02-17-2014 12:12 PM
Kevin,
Create two Access Rules. The first one blocks all outbound traffic on port 25 and the second one allows outbound traffic on port 25 ONLY to a single destination IP. The second rule will override the first rule for that one IP.
- Marty
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide