Preventing an internal spammer – E-Bitz – SBS MVP the Official Blog of the SBS "Diva"

Avagy: a spammerek már a spájzban vannak.

So what can you do to proactively prevent a client’s workstation to be turned into a spam spewing beast?

Les Connor and ISA Server 2004 once again to the rescue:

He builds a rule to deny any port 25 transmissions from anything other than the server itself and an internal scanner.

Action: Deny, log requests
Protocols: Selected : SMTP
From: The lan (defined IP address range)
Exceptions: SBS, Printer and Scanner IP's, which are defined specific IP
addresses.
To: Anywhere (pre-existing destination)
Users: All
Schedule: Always

Caveat, this blocks the use of telnet <external host> 25 from any local
machine for troubleshooting purposes, so beware of this if you use it on
your *own* network for testing SMTP.


You might also want to build an alert rule when this deny rule kicks in as it would be a sign of infestation.

Preventing an internal spammer – E-Bitz – SBS MVP the Official Blog of the SBS “Diva”