Re: Blocking SMT Connections by clients
- From: "Jim Harrison \(MSFT\)" <jmharr@xxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 19 Apr 2005 13:02:54 -0700
I prefer dark or semi-sweet chocolate... :-)
You have two options, depending on your current policies:
1 - you're operating with an "allow all" policy. If this is the case, then anyone that happens to be in your LAN has access to
anything on the Internet. This is bad. Your ISA policies should "deny by default" and "allow only those things I want to allow".
This means a restructuring of the policy set to provide this. If you can't drop the "allow all" rule, then you'll have to create a
"deny all except" protocol rule. Use the CAS operation from option 2 and apply it in the exception portion of the deny rule. This
will have the effect of denying SMTP traffic for all except approved hosts.
2 - you're not using an "allow all" policy, but your ISA SMTP access rule allows "all users" "all computers". What you should do is
create a Client Address Set for "approved mail servers" and enter only those IPs that you want to allow to send mail. Then you'll
associate this CAS with the SMTP protocol rule.
--
Jim Harrison [ISA SE]
Read the help, books and articles!
This posting is provided "AS IS" with no warranties, and confers no rights.
"krakan" <ctfisher@xxxxxxxxx> wrote in message news:b880c327.0504190113.60e00b5f@xxxxxxxxxxxxxxxxxxxxx
Hi guys,
Right, what we've got is a problem. Our SBS2000 server is currently
getting blacklisted at cbl.abuseat.org - it seems to us that the
problem is a compromised machine within the network sending emails
worthy of a blacklisting.
The problem is that we are the contracted IT support for this company
and this isn't our mess we have inherited. The network is regularly
used by visiting dignitaries and we have been unable as yet to lock
this down. The number of laptops which come and go each day without
our knowledge is worrying, since none of them have AV, none of them
are firewalled most of the time and ALL of them are operated
exclusively. We cannot stop this situation right now so we must do
something to lessen the danger of it. What we want to do now is
prevent any machines on the network from connecting to remote hosts on
port 25 (with the obvious exception of the SBS server which runs
exchange) and this will have the added advantage of showing us who is
causing the problems because ISA's logs will point to it!
Problem is, I'm new to ISA server and can't for the life of me see how
to construct a packet filter to do this - block any machines INSIDE
the network from making TCP connections to REMOTE hosts on port 25..
If anyone can help I'll send them a chocolate bar.
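As an added illustration of the point that ISA's logs will identify the offending host once outbound port 25 is restricted (this is example code, not from either poster or from ISA Server), a small Python script that reads W3C-format firewall log lines and counts outbound TCP/25 attempts per internal client, excluding the approved Exchange server. The field names, addresses and log lines are constructed for the example; the parser takes the column layout from the `#Fields:` header rather than assuming a fixed one.

```python
# Added example: summarise outbound TCP/25 attempts per internal host from
# W3C-format firewall log lines, excluding the approved mail server.
# The field names, addresses and records below are constructed for
# illustration; real ISA logs may carry a different field set, which is why
# the parser reads the column layout from the '#Fields:' header.
from collections import Counter

APPROVED_MAIL_SERVERS = {"192.168.1.5"}   # the SBS/Exchange server (example address)

SAMPLE_LOG = """\
#Software: constructed sample
#Fields: date time c-ip r-ip r-port cs-transport s-operation sc-status
2005-04-19 13:00:01 192.168.1.5 203.0.113.10 25 TCP Connect 0
2005-04-19 13:00:02 192.168.1.77 198.51.100.20 25 TCP Connect 0
2005-04-19 13:00:02 192.168.1.77 198.51.100.21 25 TCP Connect 0
2005-04-19 13:00:03 192.168.1.23 203.0.113.50 80 TCP Connect 0
2005-04-19 13:00:04 192.168.1.77 198.51.100.22 25 TCP Connect 0
2005-04-19 13:00:05 192.168.1.90 203.0.113.99 25 TCP Connect 0
"""

def parse_w3c(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue          # blank line or other directive
        if fields is None:
            raise ValueError("record before #Fields header")
        values = line.split()
        if len(values) != len(fields):
            continue          # skip malformed records
        yield dict(zip(fields, values))

def smtp_talkers(text, approved=APPROVED_MAIL_SERVERS):
    """Count outbound TCP/25 attempts per client IP, excluding approved relays."""
    counts = Counter()
    for rec in parse_w3c(text):
        if (rec.get("cs-transport") == "TCP" and rec.get("r-port") == "25"
                and rec.get("c-ip") not in approved):
            counts[rec["c-ip"]] += 1
    return counts

if __name__ == "__main__":
    for ip, n in smtp_talkers(SAMPLE_LOG).most_common():
        print(f"{ip}: {n} outbound SMTP attempt(s)")
```

A host that shows up repeatedly here while the deny rule is in place is the one to pull off the network and examine.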