IPSEC filter to block 25 outbound on SBS 2003 Standard

Today’s post comes compliments of Mark Stanfill. This was a quick answer he gave to a question a couple of us had, so while this isn’t a “documented” Microsoft solution, I would take advantage of it if you are attempting to block SMTP traffic on your Small Business Server 2003 Standard based networks. The reason for this is to allow outbound SMTP email only from the server while blocking clients that may be sending out spam on TCP port 25. Works on both single and dual NIC SBS boxes! Thanks go to Mark for giving me permission to post this! – Steve


Mark’s notes:


You don’t even need RRAS for this to work.  The filtering is done before the packets leave the client; this setup prevents unwanted traffic in single-NIC and dual-NIC environments.


You create an IPSEC policy, allow all traffic, but deny SMTP originating from internal addresses (only if none of them need to connect to external addresses for POP3/IMAP clients, otherwise you will block those connections in the process).




  1. Create & link a new GPO to client computers (not anywhere it would apply to the SBS 🙂)
  2. Create a new IPSEC policy in the GPO:
  3. Edit the properties.  I’ve only blocked one client, usually you’ll want to do a subnet:

Gpupdate /force to apply (it will probably ask you to reboot, but it is already applied).
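The policy described in the steps above can also be built from the command line on the Server 2003 box, which is useful when you want the rule in a reviewable text file. This is an added example, not Mark's or Microsoft's own script: the policy, filter list and rule names, the file name, and the 192.168.16.0/24 client subnet are assumptions to replace with your own values.

```netsh
# block-client-smtp.txt (hypothetical file name)
# Run on the SBS 2003 server in ONE netsh session so the store setting sticks:
#     netsh -f block-client-smtp.txt
# Names and the 192.168.16.0/24 subnet below are constructed sample values.

# Write the policy to the Active Directory store so a GPO can assign it.
ipsec static set store location=domain

# The policy container. Traffic that matches no filter is left alone,
# so everything other than the SMTP filter below keeps flowing.
ipsec static add policy name="Block client SMTP" description="Deny TCP 25 from client subnet"

# Filter list: TCP from the client subnet, any source port, to port 25 anywhere.
# mirrored=no keeps this one-directional (client-originated connections only).
ipsec static add filterlist name="Client outbound SMTP"
ipsec static add filter filterlist="Client outbound SMTP" srcaddr=192.168.16.0 srcmask=255.255.255.0 dstaddr=any protocol=TCP srcport=0 dstport=25 mirrored=no description="Client to any, TCP 25"

# Filter action: drop matching packets instead of negotiating security.
ipsec static add filteraction name="Block" action=block

# Tie the filter list and the block action together inside the policy.
ipsec static add rule name="Deny outbound SMTP" policy="Block client SMTP" filterlist="Client outbound SMTP" filteraction="Block"

# Print the result so the filter can be reviewed before the GPO assigns it.
ipsec static show policy name="Block client SMTP" level=verbose
```

The policy still has to be assigned in the client GPO (never one that applies to the SBS itself), and the POP3/IMAP caveat from the notes applies unchanged: any client that legitimately sends mail through an external SMTP server will be blocked too.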

Windows Server 2008, SQL 2008, and Visual Studio 2008 Launch Events

The registration site which originally had Los Angeles only open for registration now has most of the sites open. The URL to register is:

http://www.microsoft.com/heroeshappenhere/register/default.mspx

If you are attending the Seattle event, I’ll see you there!

Take a test drive

Come to an event and test drive Windows Server® 2008 operating system, Microsoft® SQL Server® 2008, and Microsoft Visual Studio® 2008.

Meet the experts

Enjoy hands-on labs, face-to-face Q&A sessions with software experts, and other opportunities to interact with development team members.