Preventing an internal spammer - E-Bitz - SBS MVP the Official Blog of the SBS "Diva"
Avagy: a spammerek már a spájzban vannak.
So what can you do to proactively prevent a client's workstation to be turned into a spam spewing beast?
Les Connor and ISA Server 2004 once again to the rescue:
He builds a rule to deny any port 25 transmissions from anything other than the server itself and an internal scanner.
Action: Deny, log requests
Protocols: Selected : SMTP
From: The lan (defined IP address range)
Exceptions: SBS, Printer and Scanner IP's, which are defined specific IP
addresses.
To: Anywhere (pre-existing destination)
Users: All
Schedule: Always
Caveat, this blocks the use of telnet <external host> 25 from any local
machine for troubleshooting purposes, so beware of this if you use it on
your *own* network for testing SMTP.
You might also want to build an alert rule when this deny rule kicks in as it would be a sign of infestation.
Preventing an internal spammer - E-Bitz - SBS MVP the Official Blog of the SBS "Diva"