spamming within network

By elemzy ·
Hi all,
I have a network of about 120 systems behind a Microsoft ISA server. I have blocked all ports except the necessary ones. I keep getting complaints from my ISP about spamming from the ISA IP. I believe it's a client machine which could be infected with a virus, thus running an SMTP engine. I can't block port 25 on the ISA cos it would prevent clients from popping mails from our mail server, which is on the Internet.
Anyone with a suggestion of what could be done?


by drsysadmin In reply to spamming within network

May or may not be helpful. I am getting ready to set up ISA myself, so this may not be possible with it. Can you configure ISA to only accept SMTP from a specific machine IP, or IPs? Similar to an ACL? If so, configure ISA to accept SMTP traffic, but only if it's from your designated mail server or servers.

Also - run a port scanner on the ISA box (checking the INTERNAL NIC) and see what machines are sending out SMTP traffic. That will help track down your broadcasting box, especially if it's not a valid (known) email server.

One last thing, check to make sure you're not being used as an open relay on your email servers, as well as ensuring that you don't have an account that is authenticating to your network from the outside and thus "legitimately" using your email system to spam.

Good Luck


by Nico Baggus In reply to spamming within network

As the previous answer, but you know where to send SMTP mail, so block generic SMTP send except for the destination of your internet provider's mail servers. That should block some spam.

Also make sure you have some kind of logging enabled for all SMTP sessions. That should at least give you a clue from where spam is sent.

Also use tools like Ad-Aware and Spybot S&D and hijack on your systems as well as a virus scanner to prevent/detect other malicious tools on them. Ad-Aware will detect different stuff than Spybot will and hijack looks at your system in a whole different way.

Kind regards,
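
Both replies come down to the same check: allow SMTP only to known mail servers, and use the firewall's session log to find which internal machine is talking to anything else on port 25. The Python script below is an added example, not part of the thread; the log layout, IP addresses and threshold are constructed assumptions and do not reflect ISA Server's actual log format.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed values for illustration only (not from the thread).
INTERNAL_NET = ip_network("192.168.10.0/24")
APPROVED_RELAYS = {ip_address("203.0.113.25")}  # hosted mail server / ISP relay
SMTP_PORT = 25

# Constructed sample log, one session per line:
# date time src_ip dst_ip dst_port action
SAMPLE_LOG = """\
2004-05-03 09:00:01 192.168.10.14 203.0.113.25 25 ALLOW
2004-05-03 09:00:07 192.168.10.77 198.51.100.8 25 ALLOW
2004-05-03 09:00:08 192.168.10.77 198.51.100.9 25 ALLOW
2004-05-03 09:00:09 192.168.10.77 192.0.2.40 25 ALLOW
2004-05-03 09:00:10 192.168.10.77 192.0.2.41 25 DENY
2004-05-03 09:01:30 192.168.10.31 198.51.100.8 25 ALLOW
2004-05-03 09:01:45 192.168.10.14 198.51.100.80 80 ALLOW
2004-05-03 09:02:00 not-an-ip 198.51.100.8 25 ALLOW
truncated line
"""

def parse(line):
    """Return (src, dst, port) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 6:
        return None
    try:
        return ip_address(parts[2]), ip_address(parts[3]), int(parts[4])
    except ValueError:
        return None

def suspect_senders(log_text, min_sessions=3):
    """Internal hosts opening SMTP sessions to non-approved servers.

    Allowed and denied attempts both count: a blocked attempt is still
    evidence of a mail engine on the client. Returns a list of
    (source_ip, sessions, distinct_destinations), busiest first.
    """
    stats = defaultdict(lambda: {"sessions": 0, "dests": set()})
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        src, dst, port = rec
        if port != SMTP_PORT or src not in INTERNAL_NET or dst in APPROVED_RELAYS:
            continue
        stats[str(src)]["sessions"] += 1
        stats[str(src)]["dests"].add(str(dst))
    rows = [(ip, s["sessions"], len(s["dests"])) for ip, s in stats.items()
            if s["sessions"] >= min_sessions]
    return sorted(rows, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for ip, sessions, dests in suspect_senders(SAMPLE_LOG):
        print(f"{ip}: {sessions} SMTP sessions to {dests} unapproved servers")
```

A workstation that contacts many different mail servers directly, rather than the one approved relay, is the machine to pull off the network and scan first.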
