Blocking outgoing spam on network

Discussion in 'Networking & Security' started by joblo37pam, Sep 17, 2010.

  1. joblo37pam

    joblo37pam [H]ard|Gawd

    Messages:
    2,044
    Joined:
    Jun 28, 2002
    I'm looking for an easy/cheap way to block spam from ever leaving my network.

    With the uptick in virii/spyware lately, I have had quite a few spambots coming into the shop to get cleaned up. Some of them because the ISP has shut them down for sending spam. Once in a while (twice in the last month), one of these machines will get plugged into the network before it is 'really' clean and start spamming again. Luckily, I know the ISP guy that monitors this and he just calls and tells me to unplug it, but I would like to keep that traffic from ever getting out of the network.

    I know I could setup an Untangle box to only allow smtp traffic from my Exchange server, but I also need to be able to allow smtp traffic to machines from time to time to test their email client configurations. Does Untangle allow for outgoing spam filtering instead of just blocking based on port 25? If not, is there anything else (preferably open source) that could do this?

    Thanks for the suggestions
     
  2. LZ1

    LZ1 [H]Lite

    Messages:
    108
    Joined:
    Sep 3, 2010
    Why do your client machines need port 25 out? All email should go through exchange.

    Just block 25 and allow it if you need to troubleshoot.
     
  3. jmack_3

    jmack_3 Limp Gawd

    Messages:
    318
    Joined:
    Mar 31, 2000
    My techbench is on a totally different subnet and port 25 is blocked at the firewall that handles the techbench. We only open port 25 when needed to test an outgoing email and even then only when we cant reconfigure the client to a more appropriate port for outgoing email. I'm about to go one step further and begin monitoring all traffic that comes off the techbench as we have seen some pretty smart/stealthy spambots as of late.

    Joe...
     
  4. joblo37pam

    joblo37pam [H]ard|Gawd

    Messages:
    2,044
    Joined:
    Jun 28, 2002
    These machines don't belong to us, so our Exchange server is irrelevant, except for the fact that it still needs out on 25. These machines are relying on their ISP/host for POP3/SMTP, and we need to test that connectivity once in a while. It would be best if we didn't have to open a port every time we configured a POP3 client. A smart filter would be better, if there's one available (even if it was only so smart as to allow a maximum number of messages per IP/min or something similar)
     
  5. nessus

    nessus 2[H]4U

    Messages:
    2,221
    Joined:
    Jan 30, 2001
    Yep, on the Spam Blocker settings in the advanced section, just check the checkbox to "Scan outbound (WAN) SMTP".
     
  6. joblo37pam

    joblo37pam [H]ard|Gawd

    Messages:
    2,044
    Joined:
    Jun 28, 2002
    Sweet. I guess I'll have to throw a machine together and give it a go.