Blacklisted server...help me block port 25 outbound.

[petrosky]

Hi,

I need some advice on editing my ipfw.conf file.

I have a windows machine which is apparently spewing out spam.
I would like to block all outbound SMTP traffic whilst still allowing genuine email traffic out through my freebsd gateway.

Also...if anyone could tell me which logs I can check to ascertain the infected machine/s on my lan it would be great.

I am a newbie, so please be gentle.

Some more info should it be required.

Freebsd 4.8 Gateway running NAT, firewall & postfix mail.
XP SP2 clients running Outlook 2000 internet mail pointing at the BSD box.

Thanks in advance for any help.

I want to stop spam as much as the next person.

Regards,

Peter

Remember- It's nice to be important,
but it's important to be nice

 

[petrosky]

Hi,

I ended up getting offsite technical support on this issue as I wasn't comfortable editing the ipfw.conf file.

The following was done logged in as root.

postfix stop (to stop legit traffic)
ipfw add 150 deny log tcp from 192.168.1.0/24 to any 25 in recv fxp0 (a rule to block outgoing traffic on port 25)
dmesg -a | grep :25 (to display the machine/s connecting on 25)
the machine was then rebooted.

It turned out to be machines from a remote office connecting back via vpn.

Hope this helps any other newbies out there.

Regards,

Peter

Remember- It's nice to be important,
but it's important to be nice