RE: SMTP generated by virus
Do it at your firewall. Block anything on 25 outbound by default and then add a rule for your Exchange server to allow only it outbound. That will solve the blacklisting issue while you can get the machines under wraps.

-----Original Message-----
From: JP [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 19, 2008 9:01 AM
To: MS-Exchange Admin Issues
Subject: SMTP generated by virus

We are being affected by viruses on workstations that send mail thru an SMTP generated by the virus, bypassing our Exchange server. As a result, we get blacklisted before we know it. I can remove the entire server where Exchange is from the network and mail is still flowing out.

My question is this: is there a method of blocking E-Mail sent thru port 25 by anyone but Exchange? How can we stop these situations?

Thank you in advance for your assistance.

J.P. Lacasse

~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja ~
RE: SMTP generated by virus
Only allow outbound port 25 on your firewall from your Exchange server IP address.

Clayton Doige
IT Project Manager
CME Development Corporation
T: 020 7430 5355
M: 07949 255062
E: [EMAIL PROTECTED]
W: www.cetv-net.com

-----Original Message-----
From: JP [mailto:[EMAIL PROTECTED]
Sent: 19 August 2008 14:01
To: MS-Exchange Admin Issues
Subject: SMTP generated by virus

We are being affected by viruses on workstations that send mail thru an SMTP generated by the virus, bypassing our Exchange server. As a result, we get blacklisted before we know it. I can remove the entire server where Exchange is from the network and mail is still flowing out.

My question is this: is there a method of blocking E-Mail sent thru port 25 by anyone but Exchange? How can we stop these situations?

Thank you in advance for your assistance.

J.P. Lacasse
RE: SMTP generated by virus
Everyone should do this, before there is a problem. But just to nitpick the solution wording... Add a rule to allow your Exchange server, then add a default deny after that. :)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 19, 2008 9:08 AM
To: MS-Exchange Admin Issues
Subject: RE: SMTP generated by virus

Do it at your firewall. Block anything on 25 outbound by default and then add a rule for your Exchange server to allow only it outbound. That will solve the blacklisting issue while you can get the machines under wraps.
RE: SMTP generated by virus
Also, once you have the deny rule in place, log denied packets; that will tell what machine is infected.

Clayton Doige
IT Project Manager
CME Development Corporation
T: 020 7430 5355
M: 07949 255062
E: [EMAIL PROTECTED]
W: www.cetv-net.com

-----Original Message-----
From: Kennedy, Jim [mailto:[EMAIL PROTECTED]
Sent: 19 August 2008 14:24
To: MS-Exchange Admin Issues
Subject: RE: SMTP generated by virus

Everyone should do this, before there is a problem. But just to nitpick the solution wording... Add a rule to allow your Exchange server, then add a default deny after that. :)
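Tallying the logged denies per source address, as suggested in the message above, can be scripted. The following is an added example, not part of the thread; it assumes Linux netfilter-style LOG lines, a deny-rule log prefix of `SMTP-DENY` and an Exchange address of 192.168.1.10, all constructed for illustration.

```python
import re
from collections import defaultdict

EXCHANGE_IP = "192.168.1.10"  # assumption: the only host allowed out on TCP/25
LOG_PREFIX = "SMTP-DENY"      # assumption: log prefix configured on the deny rule

# Constructed sample in Linux netfilter LOG style; other firewalls use other layouts.
SAMPLE_LOG = """\
Aug 19 09:12:01 fw kernel: SMTP-DENY IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.25 PROTO=TCP SPT=1045 DPT=25
Aug 19 09:12:01 fw kernel: SMTP-DENY IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.7 PROTO=TCP SPT=1046 DPT=25
Aug 19 09:12:02 fw kernel: SMTP-DENY IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.25 PROTO=TCP SPT=1047 DPT=25
Aug 19 09:12:05 fw kernel: SMTP-DENY IN=eth1 OUT=eth0 SRC=192.168.1.83 DST=198.51.100.7 PROTO=TCP SPT=2210 DPT=25
Aug 19 09:12:09 fw kernel: OTHER-DENY IN=eth1 OUT=eth0 SRC=192.168.1.90 DST=198.51.100.9 PROTO=TCP SPT=3001 DPT=445
Aug 19 09:12:11 fw kernel: SMTP-DENY truncated line without fields
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")


def parse_denied_smtp(line):
    """Return (src, dst) for a logged TCP/25 deny, or None for any other line."""
    if LOG_PREFIX not in line:
        return None
    f = dict(FIELD.findall(line))
    if f.get("PROTO") != "TCP" or f.get("DPT") != "25":
        return None
    if "SRC" not in f or "DST" not in f:
        return None
    return f["SRC"], f["DST"]


def summarize(log_text):
    """Rank internal sources by denied SMTP attempts; flag a blocked Exchange server."""
    attempts, targets = defaultdict(int), defaultdict(set)
    for line in log_text.splitlines():
        hit = parse_denied_smtp(line)
        if hit:
            attempts[hit[0]] += 1
            targets[hit[0]].add(hit[1])
    # The Exchange server appearing here means the deny rule matches before its allow rule.
    exchange_blocked = EXCHANGE_IP in attempts
    suspects = sorted(
        ((src, n, len(targets[src])) for src, n in attempts.items() if src != EXCHANGE_IP),
        key=lambda row: (-row[1], row[0]),
    )
    return suspects, exchange_blocked


if __name__ == "__main__":
    suspects, exchange_blocked = summarize(SAMPLE_LOG)
    for src, n, distinct in suspects:
        print(f"{src}: {n} denied SMTP attempts to {distinct} distinct servers")
    if exchange_blocked:
        print("Exchange server is being denied: check that its allow rule precedes the deny")
```

Hosts at the top of the list are the workstations to pull off the network first; an Exchange entry in the deny log points at the rule-ordering mistake discussed earlier in the thread.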
RE: SMTP generated by virus
Also make sure that any machines that are allowed to relay through the Exchange server are, if possible, authenticating and keep very tight control on this list.

-----Original Message-----
From: Kennedy, Jim [mailto:[EMAIL PROTECTED]
Sent: 19 August 2008 03:24 PM
To: MS-Exchange Admin Issues
Subject: RE: SMTP generated by virus

Everyone should do this, before there is a problem. But just to nitpick the solution wording... Add a rule to allow your Exchange server, then add a default deny after that. :)
Re: SMTP generated by virus
Yes - it's called a router, or sometimes a firewall. You put ACLs on one or both of them for port 25, allowing only the Exchange server to talk on that port, and denying all others.

Kurt

On Tue, Aug 19, 2008 at 6:00 AM, JP [EMAIL PROTECTED] wrote:
> We are being affected by viruses on workstations that send mail thru an SMTP generated by the virus, bypassing our Exchange server. As a result, we get blacklisted before we know it. I can remove the entire server where Exchange is from the network and mail is still flowing out.
>
> My question is this: is there a method of blocking E-Mail sent thru port 25 by anyone but Exchange? How can we stop these situations?
>
> Thank you in advance for your assistance.
>
> J.P. Lacasse
RE: SMTP generated by virus
I do it with my McAfee AV.

Mark

-
Two rules to success in life:
1. Never tell people everything you know.

-----Original Message-----
From: JP [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 19, 2008 9:01 AM
To: MS-Exchange Admin Issues
Subject: SMTP generated by virus

We are being affected by viruses on workstations that send mail thru an SMTP generated by the virus, bypassing our Exchange server. As a result, we get blacklisted before we know it. I can remove the entire server where Exchange is from the network and mail is still flowing out.

My question is this: is there a method of blocking E-Mail sent thru port 25 by anyone but Exchange? How can we stop these situations?

Thank you in advance for your assistance.

J.P. Lacasse
RE: SMTP generated by virus
This is a firewall issue. Solving it will vary by your model of firewall, but you'll need a policy that blocks all outbound SMTP (Port 25) traffic and then another higher-priority policy that specifically allows SMTP from your Exchange server.

-----Original Message-----
From: Mark Boersma [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 19, 2008 11:54 AM
To: MS-Exchange Admin Issues
Subject: RE: SMTP generated by virus

I do it with my McAfee AV.

Mark

-
Two rules to success in life:
1. Never tell people everything you know.
Re: SMTP generated by virus
Requiring authentication is often not practical, but it's not that hard; no client machine should ever need to send outbound SMTP mail. Various servers may, but workstations? Nope.

On the server application side, we allow relay by IP address and track the source server/requester and validate it is still needed twice a year.

Steven

On Tue, Aug 19, 2008 at 6:50 AM, Peter Johnson [EMAIL PROTECTED] wrote:
> Also make sure that any machines that are allowed to relay through the Exchange server are, if possible, authenticating and keep very tight control on this list.