SdBot backdoor is reaching our Exchange 5.5 Server most days. Looking in c:\winnt\system32 I can see new .exe files which I have to delete and remove from the registry.
When I do netstat -an I can see a connection to external IP addresses via a number of listening (and established) ports which stay open for hours.
To tighten security I want to only allow mail traffic to reach the server from the internet using the filter settings on our intenet firewall (bordermanager).
What incoming ports do I need to allow to receive mail from the internet? I set the firewall server to allow traffic into our email server on port 25 only. I thought it was working as we were still receiving emails, but it stops us sending emails out to the internet even though our firewall rules allow any outbound traffic via any port.
When I do netstat -an I can see a connection to external IP addresses via a number of listening (and established) ports which stay open for hours.
To tighten security I want to only allow mail traffic to reach the server from the internet using the filter settings on our intenet firewall (bordermanager).
What incoming ports do I need to allow to receive mail from the internet? I set the firewall server to allow traffic into our email server on port 25 only. I thought it was working as we were still receiving emails, but it stops us sending emails out to the internet even though our firewall rules allow any outbound traffic via any port.
