This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Disabling port 25

My IP address was blacklisted on cbl (rustock spambot). I've done some research and one of the first steps to finding the infected PC(s) is to disable port 25 from all PCs except the mail server and see which ones are sending out spam emails. So I guess....

1) how do I disable/block port 25 in Webmin?
2) how do I get a log of which PCs are trying to use port 25?

ASG is currently running version 7.504

Thanks for your help.

This thread was automatically locked due to age.

0 BarryG over 15 years ago

Hi, make sure the SMTP proxy is setup to only allow outbound mail from your mail server.

Make sure you don't have a packetfilter rule allowing ANY outbound traffic.

You could use tcpdump on the console to see port 25 traffic... e.g.
tcpdump -i eth1 port 25 and src or dst not mailserver.ip

assuming eth1 is your Internal NIC.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 HeyMyke over 15 years ago

BarryG, thanks for your response. I failed to mention that I'm a novice with the ASG. Are your steps done through the GUI? That is the interface I'm only familiar with at the moment. =/
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 15 years ago

tcpdump can't be run through the GUI, but it would just be a confirmation that nothing is sending mail; If you check the other things you probably don't need to worry.

Barry
Cancel
Vote Up 0 Vote Down

Cancel