From: eggedd2k on
I have recently read that a best practice on the network was to block
port 25 on all workstations that connect to the Exchange box. The
Exchange server should be the only computer allowing SMTP port 25
traffic, therefore reducing the chance of a mass-mailing worm doing
its magic on a workstation, invoking its own SMTP service, and sending
out spam. Workstations would still be allowed to send out mail via
Exchange and Outlook, but no port 25 traffic on the individual
machines.

My domain controller is SBS 2008 with Exchange 2007. The client
workstations are mostly XP with a couple of Windows 7 systems.

There's the Security section within the SBS Console; however, I can't
figure out how to put a block on all workstations to stop them sending
port 25 outbound traffic.

Can anyone help?
From: James Hurrell (j_a_hurrell at hotmail) on
On 06/08/2010 11:29, eggedd2k wrote:
> I have recently read that a best practice on the network was to block
> port 25 on all workstations that connect to the Exchange box. The
> Exchange server should be the only computer allowing SMTP port 25
> traffic, therefore reducing the chance of a mass-mailing worm doing
> its magic on a workstation, invoking its own SMTP service, and sending
> out spam. Workstations would still be allowed to send out mail via
> Exchange and Outlook, but no port 25 traffic on the individual
> machines.
>
> My domain controller is SBS 2008 with Exchange 2007. The client
> workstations are mostly XP with a couple of Windows 7 systems.
>
> There's the Security section within the SBS Console; however, I can't
> figure out how to put a block on all workstations to stop them sending
> port 25 outbound traffic.
>
> Can anyone help?

Why don't you do this at your edge firewall device? Block outbound
traffic from the network's entire IP address range, from any port, to
port 25, and then specifically allow only the SBS IP address to make
outgoing SMTP connections...
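The edge policy described in the reply above, together with a check that the block is actually being enforced, as an added example that is not part of the original thread. It models the rule order (a specific allow for the SBS box sitting above a range-wide deny on TCP/25) in Python and then audits a connection log for LAN hosts that try to reach port 25 directly, the behaviour of a mass-mailing worm. The LAN range 192.168.1.0/24, the mail server address 192.168.1.2, the log line format and the log lines themselves are constructed assumptions, not details from the posts.

```python
"""Egress policy for outbound SMTP (TCP/25): only the mail server may connect
out, plus an audit of connection-log lines for workstations that try anyway.

Added example, not code from the thread.  The addresses, the log line format
and the sample log are constructed/assumed, not taken from the posts.
"""
import ipaddress
import re
from collections import defaultdict

# Assumed values (not stated in the thread): the LAN range and the SBS/Exchange address.
LAN = ipaddress.ip_network("192.168.1.0/24")
MAIL_SERVER = ipaddress.ip_address("192.168.1.2")
SMTP_PORT = 25


def egress_allowed(src, dport, proto="tcp"):
    """Decide whether the edge should forward a connection from src to dport.

    Rule 1: TCP/25 from the mail server is allowed.
    Rule 2: TCP/25 from any other LAN host is denied.
    Rule 3: everything else is outside this policy and passes.
    On a real firewall the specific allow must sit above the range-wide deny.
    """
    src = ipaddress.ip_address(src)
    if proto.lower() == "tcp" and dport == SMTP_PORT and src in LAN:
        return src == MAIL_SERVER
    return True


# Constructed log format (assumed): "<date> <time> <proto> <src>:<sport> -> <dst>:<dport>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample connection log, not real traffic.
SAMPLE_LOG = """\
2010-08-06 11:01:02 TCP 192.168.1.2:49152 -> 203.0.113.10:25
2010-08-06 11:01:05 TCP 192.168.1.2:49153 -> 198.51.100.7:25
2010-08-06 11:02:10 TCP 192.168.1.50:1033 -> 203.0.113.10:25
2010-08-06 11:02:11 TCP 192.168.1.50:1034 -> 198.51.100.7:25
2010-08-06 11:02:12 TCP 192.168.1.50:1035 -> 192.0.2.55:25
2010-08-06 11:03:00 TCP 192.168.1.51:1040 -> 203.0.113.10:25
2010-08-06 11:03:30 TCP 192.168.1.52:1050 -> 203.0.113.10:443
2010-08-06 11:04:00 UDP 192.168.1.53:53000 -> 192.168.1.2:53
garbage line that does not parse
"""


def parse_log(log_text):
    """Yield parsed records; lines that do not match the format are skipped."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            yield {
                "ts": m["ts"],
                "proto": m["proto"],
                "src": m["src"],
                "dst": m["dst"],
                "dport": int(m["dport"]),
            }


def audit(log_text):
    """Return {src: [dst, ...]} for every connection the policy would deny."""
    denied = defaultdict(list)
    for rec in parse_log(log_text):
        if not egress_allowed(rec["src"], rec["dport"], rec["proto"]):
            denied[rec["src"]].append(rec["dst"])
    return dict(denied)


def suspect_mass_mailers(log_text, min_distinct=3):
    """Hosts other than the mail server that opened TCP/25 to at least
    min_distinct different destinations: the fan-out pattern of a
    mass-mailing worm rather than a single misconfigured client."""
    targets = defaultdict(set)
    for rec in parse_log(log_text):
        if (rec["proto"] == "TCP" and rec["dport"] == SMTP_PORT
                and ipaddress.ip_address(rec["src"]) != MAIL_SERVER):
            targets[rec["src"]].add(rec["dst"])
    return {src for src, dsts in targets.items() if len(dsts) >= min_distinct}


if __name__ == "__main__":
    for src, dsts in sorted(audit(SAMPLE_LOG).items()):
        print(f"DENY  {src} -> {len(dsts)} SMTP connection(s): {', '.join(dsts)}")
    print("mass-mailer suspects:", sorted(suspect_mass_mailers(SAMPLE_LOG)))
```

Run against a NAT or firewall connection log, the `audit` output is the list of hosts that would have been cut off by the rule, which is also the list of hosts worth a malware check; `suspect_mass_mailers` separates a worm-like fan-out to many mail servers from a single workstation with a stray mail client configured for direct SMTP.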
From: eggedd2k on
I already thought of that, however:

My setup is as follows:

Workstations ------+
                   +--- Switch --- Webserver (Win2k RRAS NAT) --- ISP-provided Router/Firewall
Servers -----------+
(DC/Exchange)


As far as I'm aware, RRAS (NAT) on Win2k doesn't allow blocking of
individual addresses. Of course, the traffic seen by the ISP router/
firewall is that of the webserver only.
From: eggedd2k on
That didn't display correctly.

My setup is as follows:

Servers and workstations connect to a switch and access the internet via
a Win2k RRAS NAT box, which connects to our ISP-provided router/
firewall. The traffic seen by the ISP router/firewall is only that of
the webserver (because we're using NAT).
From: Cris Hanna [SBS - MVP] on
You should check to see if the ISP can configure the firewall to only allow port 25 from one IP (the SBS 2008 box).

--
Cris Hanna [SBS - MVP] (since 1997)
Co-Contributor, Windows Small Business Server 2008 Unleashed
http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1
Owner, CPU Services, Belleville, IL
A Microsoft Registered Partner
------------------------------------
MVPs do not work for Microsoft
Please do not submit questions directly to me.