
Help we've been hacked!

[:O] We have an Exchange server behind an ASG-120.  The ASG reported a sudden increase in SMTP mail traffic. The customer also reports slow network response as well. I suspect we have an SMTP-Auth hack and I need to stop it as soon as possible this morning. 

Most of our users are internal and do not require access to the mail server from outside the network to send their mail (except those that connect using VPN access). 

What can I do at the firewall to stop this relaying and if anyone can point me in the direction of any good step-by-step guides to locking down relaying on the exchange server, that would be a real bonus.

Many Thanks,

JB


  • With Exchange, the best practice is to eliminate all other outbound SMTP traffic.  That prevents the use of Outlook (and other mail clients) with outside services (except those using alternate SMTP ports), but it specifically prevents malware from sending email from an infected PC.

    This means that you should allow relaying only from the Exchange server, and that there should be no packet filter rule allowing outbound Port-25 traffic.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
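An added example to go with the advice above (this is illustrative code written for this thread, not anything from Sophos or the poster): it checks two things a defender would want to verify on a box like JB's. First, it runs over a few constructed packet-filter log lines (a simplified key=value format, not real ASG/UTM output) and counts accepted outbound port-25 connections per internal host other than the Exchange server, which is exactly the spike JB saw and the traffic Bob says should not exist. Second, it audits a simplified list of firewall rules for any rule that still allows outbound SMTP from something other than the Exchange server. The Exchange address `192.168.10.5` and the rule tuple format are assumptions.

```python
import re
from collections import Counter

# Constructed, simplified firewall log lines (not real Sophos ASG/UTM output).
SAMPLE_LOG = """\
2019-03-04T08:01:12 action=accept src=192.168.10.5 dst=203.0.113.25 proto=tcp dport=25
2019-03-04T08:01:13 action=accept src=192.168.10.5 dst=198.51.100.7 proto=tcp dport=25
2019-03-04T08:01:14 action=accept src=192.168.10.77 dst=203.0.113.40 proto=tcp dport=25
2019-03-04T08:01:14 action=accept src=192.168.10.77 dst=203.0.113.41 proto=tcp dport=25
2019-03-04T08:01:15 action=accept src=192.168.10.77 dst=203.0.113.42 proto=tcp dport=25
2019-03-04T08:01:16 action=accept src=192.168.10.12 dst=203.0.113.50 proto=tcp dport=443
2019-03-04T08:01:17 action=drop src=192.168.10.90 dst=203.0.113.60 proto=tcp dport=25
"""

# Assumed internal address of the Exchange server (the only host that should
# be allowed to talk SMTP outbound).
EXCHANGE_SERVER = "192.168.10.5"

LINE_RE = re.compile(
    r"action=(?P<action>\w+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+)"
)


def parse_lines(text):
    """Yield one dict per parseable log line; unparseable lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["dport"] = int(rec["dport"])
            yield rec


def unauthorized_smtp_sources(text, exchange_ip=EXCHANGE_SERVER):
    """Return {src: count} of *accepted* outbound TCP/25 connections from every
    host other than the Exchange server. Any entry means a packet filter rule
    still lets that host send mail directly, which is what Bob's advice closes."""
    counts = Counter()
    for rec in parse_lines(text):
        if (rec["action"] == "accept" and rec["proto"] == "tcp"
                and rec["dport"] == 25 and rec["src"] != exchange_ip):
            counts[rec["src"]] += 1
    return dict(counts)


def audit_rules(rules, exchange_ip=EXCHANGE_SERVER):
    """rules: list of (source, service, action) tuples in a simplified form
    (assumed shape, not the UTM's own rule schema). Returns every rule that
    allows SMTP from a source other than the Exchange server."""
    return [r for r in rules
            if r[2] == "allow" and r[1] == "SMTP" and r[0] != exchange_ip]


if __name__ == "__main__":
    print("hosts sending SMTP directly:", unauthorized_smtp_sources(SAMPLE_LOG))
    sample_rules = [
        ("192.168.10.5", "SMTP", "allow"),
        ("Internal (Network)", "SMTP", "allow"),
        ("Internal (Network)", "HTTPS", "allow"),
    ]
    print("rules to remove/tighten:", audit_rules(sample_rules))
```

In the constructed sample, `192.168.10.77` shows up with three accepted SMTP connections while the Exchange server's own traffic is ignored; that host is the one to isolate and clean, and the second rule in the sample list is the kind of broad "Internal -> SMTP" allow that Bob says should not be there.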