Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
801
Views
0
Helpful
5
Replies

RVO42 PORT 25

kanderson
Level 1
Level 1

‎02-11-2014 12:11 PM

I am having issues with my public IP being black listed.  This is something new, but the Comcast rep tells me they are seeing this more and more.  It seems that even if you aren't hosting your own email server, even your public IP at your location is carried in the message header and is subject to being blacklisted. With that in mind,  it looks as though I am going to have to start blocking port 25 for all outbound traffic with the exception of traffic bound for the  hosted email server (SMTP) out on the Internet.  Can this be done in the RVO42 and RVO82?

Looking forward to an answer to this and as I say, it sounds like this is something we all will have to start doing.              

Labels:
0 Helpful
5 Replies 5

mpyhala
Level 7
Level 7

‎02-11-2014 12:27 PM

Kevin

Under Firewall-> Access Rules you can create a rule to block outbound traffic from your LAN to the WAN.

A better idea might be to run anti-malware/spam software on your computers to find out which one is sending SPAM. I had an issue like this several years ago and found that one of my PCs was sending thousands of SPAM emails per minute to random email addresses. I installed Norton Internet Security and it took care of it but it took a while.

- Marty

0 Helpful

viningele
Level 3
Level 3
In response to mpyhala

‎02-11-2014 04:27 PM

Most ISP's, the people that provide your internet connection, most likely already block port 25 unless the email is being routed through their SMTP server anyway.   Plus there are other ports being used lik 465, 595, etc as alternate ports since ISP's tend to block 25.  The problem is likely on the PC of valid recipients which has spyware, malware that's been downloaded on it that read the incoming email header and contact list data.  Blocking port 25 on your router won't realistically accomplish anything.

0 Helpful

mpyhala
Level 7
Level 7
In response to viningele

‎02-11-2014 04:55 PM

viningele,

I agree, I would focus on the device that is sending the SPAM.

- Marty

0 Helpful

kanderson
Level 1
Level 1
In response to mpyhala

‎02-17-2014 12:06 PM

It has been about a week and my customer is de-listed by all the spam sites I can find.  I have changed the port that they use to send email to their mail server out on the Internet and have blocked port 25 for all outbound traffic.  We also did scan all machines on the network and never found anything that seemed like the source of the spam. Nevertheless, one site I looked at reported the last instance of outbound spam on the same day that I blocked port 25. It would still be interesting to know if the RVOs can permit port 25 traffic to only one IP on the Internet. Oh, and for residential cable yes, I have seen where ISPs  block port 25 but for commerical Internet as is the case here, they can't really do that or it would shut down mail servers at  customer's location. It would also cause a problem if email were hosted on another provider out on the Internet as well.

0 Helpful

mpyhala
Level 7
Level 7
In response to kanderson

‎02-17-2014 12:12 PM

Kevin,

Create two Access Rules. The first one blocks all outbound traffic on port 25 and the second one allows outbound traffic on port 25 ONLY to a single destination IP. The second rule will override the first rule for that one IP.

- Marty

0 Helpful
Customers Also Viewed These Support Documents