Author
26 May 2009 9:02 PM
Leon
Hi
Our IP address has been blacklisted.
I would like to block SMTP traffic from the local PCs from getting out of
the network, with the exception of the mail servers of course. How exactly
do I do this in RRAS?
We use SBS 2003 with Exchange. IP range is 192.168.16.0. At the moment the
only rule that is set on NAT is on the internet NIC Outbound traffic Allow
All with exception 192.168.16.0 - Any   Any
And is there a way to see which PC is causing the spam?

Thanks in advance

Author
27 May 2009 1:48 AM
Isaac Oben [MCITP:EA, MCSE]
Hello Leon,

The spam coming out of your network, is it originating from
u***@yourdomain.com, or from some other source?
Because a user can still use your IP as a launch for distributing spam
without using your m***@domain.com. Get a copy of the spam message and look at
the complete header for clues.

Isaac


Author
27 May 2009 3:19 AM
Ace Fekay [Microsoft Certified Trainer]
On the SBS you can install an IP sniffer such as Microsoft NetMon, or any 3rd party sniffers such as Wireshark and monitor the internal NIC for port 25 traffic going to it.

As for blocking any internal machine spewing port 25 traffic, many of the current AV software have default features to block SMTP traffic, among other things. For example, all of my customers use McAfee Enterprise, and one of the default features is it prevents mass mailers on each client. It can be configured centrally or individually by rules and policies, or individually by overriding the rules on the client by an administrator. Of course the copy on the server has rules to allow the Exchange server to send out port 25, as well as McAfee GroupShield for Exchange to control viruses, etc.

Otherwise, if you don't have any AV software on the client machines, or the versions you have do not have this feature (if so, I suggest upgrading for complete protection and peace of mind), you can create a rule on the internal NIC using RRAS filters to deny port 25 traffic going to the internal NIC.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
ace***@mvps.RemoveThisPart.org

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

"Efficiency is doing things right; effectiveness is doing the right things." - Peter F. Drucker
http://twitter.com/acefekay
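
Added example, not part of the posts above: one way to act on the suggestion to capture port 25 traffic on the internal NIC is to tally, per LAN host, the new outbound TCP/25 connections in a capture saved from Wireshark in classic libpcap format. The /24 mask, the mail server address 192.168.16.2 and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.16.0/24")          # assumed /24; the thread gives only 192.168.16.0
MAIL_SERVERS = {ip_address("192.168.16.2")}  # hypothetical Exchange address

def smtp_talkers(pcap: bytes) -> Counter:
    """Count new TCP/25 connections (SYN, no ACK) from LAN clients to outside hosts."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic libpcap file with Ethernet frames")
    hits, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl_len], off + 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                          # not IPv4/TCP
        ihl = (frame[14] & 0x0F) * 4
        tcp = frame[14 + ihl:]
        if len(tcp) < 14 or struct.unpack("!H", frame[20:22])[0] & 0x1FFF:
            continue                          # truncated, or a non-first fragment
        src, dst = ip_address(frame[26:30]), ip_address(frame[30:34])
        dport, flags = struct.unpack("!H", tcp[2:4])[0], tcp[13]
        if (dport == 25 and flags & 0x12 == 0x02 and src in LAN
                and dst not in LAN and src not in MAIL_SERVERS):
            hits[str(src)] += 1
    return hits

def _record(src, dst, dport, flags=0x02):
    """Build one pcap record holding an Ethernet/IPv4/TCP packet (constructed test data)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ip_address(src).packed, ip_address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    pkt = b"\x00" * 12 + b"\x08\x00" + ip + tcp
    return struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt

def sample_capture() -> bytes:
    """Constructed capture: two clients sending mail directly, plus legitimate traffic."""
    recs = [_record("192.168.16.23", "203.0.113.10", 25) for _ in range(3)]
    recs += [_record("192.168.16.51", "203.0.113.99", 25),
             _record("192.168.16.2", "198.51.100.7", 25),     # mail server: allowed
             _record("192.168.16.40", "192.168.16.2", 25),    # client to internal Exchange
             _record("192.168.16.23", "203.0.113.10", 80),    # web traffic
             _record("192.168.16.23", "203.0.113.10", 25, 0x10)]  # ACK of an open session
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(recs)

if __name__ == "__main__":
    for host, n in smtp_talkers(sample_capture()).most_common():
        print(f"{host}: {n} outbound SMTP connection attempts")
```

Counting only SYN packets without ACK gives one hit per connection attempt, so a host that opens many short SMTP sessions stands out from one with a single long session.
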
Author
27 May 2009 5:34 AM
Leon
How do I create a rule on the internal NIC using RRAS filters to deny port
25 traffic going to the internal NIC?
Do I create it in inbound or outbound? My domain IP is 192.168.16.0
Please give details


thanks


Author
28 May 2009 12:35 AM
Ace Fekay [Microsoft Certified Trainer]
"Leon" <leon_co***@hotmail.com> wrote in message news:uR46Lzo3JHA.5728@TK2MSFTNGP03.phx.gbl...
> How do I create a rule on the internal NIC using RRAS filters to deny port
> 25 traffic going to the internal NIC ?
> Do I create it in inbound or outbound ? My domain IP is 192.168.16.0
> Please give details
>

You would create it inbound on the internal interface, which means traffic will be controlled coming from the internal network to the interface. The following article shows an example of setting up a filter on a RRAS interface to allow ICMP. You are working with port 25 traffic, so just make the adjustments. Understand the settings before making any changes.

Configuring RRAS Filters to Permit a One-Way Ping
http://support.microsoft.com/kb/181347

and another example with diagrams...

Chapter 3 - Administering Routing and Remote Access Service
http://technet.microsoft.com/en-us/library/cc751172.aspx

and another...
Configuring RRAS Packet Filters
http://tinyurl.com/qj2hnt

(or the full URL for the above link):
http://books.google.com/books?id=CNqM10KiFFQC&pg=RA1-PA855&lpg=RA1-PA855&dq=RRAS+configure+filters&source=bl&ots=FZX0Uk4Du0&sig=U0pK0nv8y9-MWIgKV8vu9jhZjBo&hl=en&ei=HNsdSp_aNOWFmQedt6XBBg&sa=X&oi=book_result&ct=result&resnum=3

Ace
Author
27 May 2009 5:47 AM
Leon
I am still new to this. I installed NetMon 3.2. What filter do I use to
filter SMTP packets? Do you have the steps?

thanks


Author
28 May 2009 12:29 AM
Ace Fekay [Microsoft Certified Trainer]
"Leon" <leon_co***@hotmail.com> wrote in message news:%23TidW6o3JHA.4632@TK2MSFTNGP02.phx.gbl...
>I am still new to this. I installed netmon 3.2. What filter do I use to
> filter smtp packets. Do you have the steps ?
>
> thanks

The steps are somewhat involved. The following article should help with using NetMon.

How do I use Microsoft Network Monitor (Netmon.exe) to capture network traffic?
http://support.microsoft.com/?id=812953

Ace
