RE: Blocking SMT Connections by clients

---

• From: "Dan DeCoursey" <DanDeCoursey@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Thu, 28 Apr 2005 06:36:11 -0700

---

Hello,

I am a big greenhorn here.....but this scenario , as listed here ( being
blacklisted) is happening to my domain also.....and your technical
discussions of ports an such is above me..... would there be a way to address
webmail restriction via HTTP content "rule/policy" that would deny access to
any URl that had the word mail in the URL??? IS thi possible or does this
approach still "leave holes"

Thanks ....Dan

"krakan" wrote:

> Hi guys,
>
> Right, what we've got is a problem. Our SBS2000 server is currently
> getting blacklisted at cbl.abuseat.org - it seems to us that the
> problem is a compromised machine within the network sending emails
> worthy of a blacklisting.
>
> The problem is that we are the contracted IT support for this company
> and this isn't out mess we have inherited. The network is regularly
> used by visiting dignitaries and we hae been unable as yet to lock
> this down. The number of laptops which come and go each day without
> our knowledge is worrying, since none of them have AV, none of them
> are firewalled most of the time and ALL of them are operated
> exclusively. We cannot stop this situation right now so we must do
> something to lessen the danger of it. What we want to do now is
> prevent any machines on the network from connecting to remote hosts on
> port 25 (with the obvious exception of the SBS server which runs
> exchange) and this will have the added advantage of showing us who is
> causing the problems because ISA's logs will point to it!
>
> Problem is, I'm new to ISA server and can't for the life of me see how
> to construct a packet filter to do this - block any machines INSIDE
> the network from making TCP connections to REMOTE hosts on port 25..
>
> If anyone can help I'll send them a chocolate bar.
>
.

---

• References:
  • Blocking SMT Connections by clients
    • From: krakan

• Prev by Date: ISA and Remote Control Software
• Next by Date: Re: restricting users to olny using our exchange server email syst
• Previous by thread: Re: Blocking SMT Connections by clients
• Next by thread: Re: Blocking SMT Connections by clients
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Update: UDP 770 Potential Worm ... > I still believe that the packets may be the result ... with the goal of knocking machines ... the network immediately after the 'attack', ... destined to port if you haven't sniffed it somehow? ... (Incidents) Re: all ip addresses of machines in the local network ... database onto different machines residing in the same network. ... I expect that you would know the IP range for your network. ... the particular port. ... Amit Khemka -- onyomo.com ... (comp.lang.python) Re: A Lot of Traffic on Network ... have you checked out the machines that are ... bigger switches and hubs i have seen there is usually a port activity light ... > Actually our network administrator quit. ... (microsoft.public.win2000.security) Re: security question ... address may be just a NAT for a larger network behind it, ... Unisite Internet Presence Provider ... As long as you open your port 22 to the world, ... machines or networks that need the access. ... (linux.redhat) Blocking SMT Connections by clients ... Our SBS2000 server is currently ... worthy of a blacklisting. ... The network is regularly ... to construct a packet filter to do this - block any machines INSIDE ... (microsoft.public.isa.configuration)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > ISA  > microsoft.public.isa.configuration  > 2005-04