IPSEC filter to block 25 outbound on SBS 2003 Standard

Today’s post comes compliments of Mark Stanfill. This was a quick answer he did to a question a couple of us had, so while this isn’t a “documented” Microsoft solution I would take advantage of it if you are attempting to block SMTP traffic on your Small Business Server 2003 Standard based networks. The reason for this is to only allow outbound SMTP email from the server while blocking the clients, which may be sending out SPAM on TCP port 25. Works on both single and dual NIC SBS boxes! Thanks go to Mark for giving me permission to post this! – Steve


Mark’s notes:


You don’t even need RRAS for this to work.  The filtering is done before the packets leave the client; this setup prevents unwanted traffic in single-NIC and dual-NIC environments.


You create an IPSEC policy, allow all traffic, but deny SMTP originating from internal addresses (only if none of them need to connect to external addresses for POP3/IMAP clients, otherwise you will block those connections in the process).

  1. Create & link a new GPO to client computers (not anywhere it would apply to the SBS :) )
  2. Create a new IPSEC policy in the GPO:
  3. Edit the properties.  I’ve only blocked one client, usually you’ll want to do a subnet:

Gpupdate /force to apply (it will probably ask you to reboot, but it is already applied).
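
The policy described above (block TCP 25 leaving the client subnet, leave everything else alone) written out as `netsh ipsec static` commands. This is an added example, not part of the original post or Mark's notes. The policy, filter list and rule names are hypothetical, the subnet is the one used in the comments below, and the commands write to the local IPsec policy store of a Windows Server 2003-family test machine rather than to the GPO.

```bat
@echo off
rem Added example: names below are hypothetical, subnet taken from the comments.
rem Writes to the LOCAL IPsec policy store of the machine it runs on.

set SUBNET=192.168.1.0
set MASK=255.255.255.0

rem 1. Empty policy container.
netsh ipsec static add policy name="Block client SMTP" description="Deny outbound TCP 25 from clients"

rem 2. Filter: any source port on the client subnet -> any address, TCP 25.
rem    mirrored=no keeps this a one-way (outbound) match.
rem    "add filter" creates the filter list if it does not exist yet.
netsh ipsec static add filter filterlist="Outbound SMTP" srcaddr=%SUBNET% srcmask=%MASK% dstaddr=any protocol=TCP srcport=0 dstport=25 mirrored=no description="Client subnet to any:25"

rem 3. Filter action that drops matching packets.
netsh ipsec static add filteraction name="Block" action=block

rem 4. Rule tying the filter list to the block action inside the policy.
rem    Traffic that matches no filter is not touched by IPsec, so no
rem    explicit "allow all" rule is required.
netsh ipsec static add rule name="Deny SMTP" policy="Block client SMTP" filterlist="Outbound SMTP" filteraction="Block"

rem 5. Assign the policy so it becomes active.
netsh ipsec static set policy name="Block client SMTP" assign=y

rem 6. Review what was created before mirroring it in the GPO.
netsh ipsec static show policy name="Block client SMTP" level=verbose
```

Because the filter's destination is "any", it also matches port 25 on the SBS itself, so it only suits clients that reach Exchange over MAPI rather than SMTP.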

4 thoughts on “IPSEC filter to block 25 outbound on SBS 2003 Standard”

  1. How would you specify a range of addresses, so that you can prevent SMTP sending from all the client machines? For example, if your SBS server was 192.168.1.2 and everything from 3-254 you wanted the SMTP outbound requests blocked?

  2. The policy is linked for Client computers only in SBS. (meaning that it shouldn’t affect server computers-your Exchange…) Then all you need to do is block the subnet 192.168.1.0 255.255.255.0. This will block all IP addresses in the subnet but only for client computers.

  3. This is exactly what I am looking for but does not work… :(

    The reboot is for the client or the server? I suppose after gpupdate /force it is not the server as it is running after this. Could you please help?

    Thanks
