On 28 Jul 2008 at 17:23, Dennis Hoefer wrote:

> Open Policy Manager on the Watchguard 700, you will have either a proxy or
> filter policy for SMTP. On the "Outgoing" tab, set From: to the IP address
> of your mail server and To: to "all". The default rule is all to all, which
> will allow traffic from port 25 to pass from any machine on your network. By
> setting From: to only your mail server IP, you will block any internal
> machines that may be attempting to send SMTP traffic on their own. You can
> also set the rule to log denied traffic which will quickly identify internal
> machines that are attempting to use port 25.

If there's any way to log attempts to use port 25, do that as well, then you can figure out which machine(s) are trying to send. I implemented just such a pair of IPTABLES rules on an IPCop firewall for a client-of-a-colleague who kept getting blacklisted and we discovered a forgotten box on a Frame Relay line from a remote site which she wasn't aware of when she checked 'all' the computers for infections.

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
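
An added example, not part of either poster's message: one possible form of a log-and-drop rule pair for outbound port 25 (in comments), and a small script that tallies the internal hosts it logged. The interface name, addresses, the `SMTP-DENY` log prefix and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Rules as they might be typed on the firewall (root needed, so shown as
# comments). Assumed values: eth0 = LAN-side interface, 192.168.1.10 = mail server.
#   iptables -I FORWARD 1 -i eth0 -p tcp --dport 25 -s 192.168.1.10 -j ACCEPT
#   iptables -I FORWARD 2 -i eth0 -p tcp --dport 25 -j LOG --log-prefix "SMTP-DENY "
#   iptables -I FORWARD 3 -i eth0 -p tcp --dport 25 -j DROP
# Matching on -i eth0 keeps inbound mail from the Internet out of the deny rule.

# Constructed sample of kernel log lines, not real traffic.
sample_log() {
    cat <<'EOF'
Jul 28 17:40:01 fw kernel: SMTP-DENY IN=eth0 OUT=eth1 SRC=192.168.1.57 DST=203.0.113.10 PROTO=TCP SPT=1045 DPT=25 SYN
Jul 28 17:40:02 fw kernel: SMTP-DENY IN=eth0 OUT=eth1 SRC=192.168.1.57 DST=198.51.100.7 PROTO=TCP SPT=1046 DPT=25 SYN
Jul 28 17:40:09 fw kernel: INPUT-DROP IN=eth1 OUT= SRC=203.0.113.99 DST=192.0.2.1 PROTO=TCP SPT=4000 DPT=25 SYN
Jul 28 17:41:15 fw kernel: SMTP-DENY IN=eth0 OUT=eth1 SRC=10.20.0.9 DST=203.0.113.10 PROTO=TCP SPT=2210 DPT=25 SYN
Jul 28 17:42:30 fw kernel: SMTP-DENY IN=eth0 OUT=eth1 SRC=192.168.1.57 DST=203.0.113.44 PROTO=TCP SPT=1047 DPT=25 SYN
EOF
}

# Read syslog lines on stdin; print "count source-ip" for each internal host
# the deny rule logged, busiest first. $1 = log prefix (default SMTP-DENY).
smtp_offenders() {
    awk -v prefix="${1:-SMTP-DENY}" '
        index($0, prefix) == 0 { next }   # line is not from our LOG rule
        {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src != "" && dpt == "25") hits[src]++
        }
        END { for (ip in hits) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

sample_log | smtp_offenders
```

On a live firewall the function would be fed the kernel log instead of the sample, and a source address outside the ranges you expect points at a machine missed in the inventory.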
