Also, once you have the deny rule in place, log denied packets, that will tell what machine is infected
Clayton Doige IT Project Manager CME Development Corporation T: 020 7430 5355 M: 07949 255062 E:[EMAIL PROTECTED] W:www.cetv-net.com -----Original Message----- From: Kennedy, Jim [mailto:[EMAIL PROTECTED] Sent: 19 August 2008 14:24 To: MS-Exchange Admin Issues Subject: RE: SMTP generated by virus Everyone should do this, before there is a problem. But just to nitpick the solution wording....Add a rule to allow your exchange server, then add a default deny after that. :) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 19, 2008 9:08 AM To: MS-Exchange Admin Issues Subject: RE: SMTP generated by virus Do it at your firewall. Block anything on 25 outbound by default and then add a rule for your exchange server to allow only it outbound. That will solve the blacklisting issue while you can get the machines under wraps. -----Original Message----- From: JP [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 19, 2008 9:01 AM To: MS-Exchange Admin Issues Subject: SMTP generated by virus We are being affected by viruses on workstations that send mail thru an SMTP generated by the virus, bypassing our exchange server. As a result, we get blacklisted before we know it. I can remove the entire server where exchange is from the network and mail is still flowing out. My question is this: is there a method of blocking E-Mail sent thru port 25 by anyone but exchange? How can we stop these situations? Thank you in advance for your assistance. J.P. Lacasse ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~ ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. ______________________________________________________________________ ______________________________________________________________________ This electronic mail message and any attached files contain information intended for the exclusive use of the person(s) to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this message or its contents may be subject to legal restriction or sanction. If you have received this message in error, please notify the sender immediately by electronic mail and delete the original message and any attachments without retaining any copies. _____________________________________________________________________ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
