Blocking SMTP at firewall

[SnoopFrogg]

I'm trying to block outgoing SMTP traffic from our network from every computer but our email server. I've created an allow rule in my firewall for my email server and created a deny rule for all client computers (I'm trying to prevent any spam cannons from sending email out of our LAN).

How can I test that clients cannot send email via SMTP? Will going to the command line and using telnet to connect to an outside email server via port 25 test this functionality?

Thanks in advance.

[purple]
SnoopFrogg
MCSA+Security - Windows Server 2003
[/purple]

 

[richcleverley]

won't setting up an email account that uses an external smtp server do this? Surely if it tries to send through smtp.external.com rather than smtp.internal.com and manages to send the mail then the firewall is not blocking the traffic.

Just an idea, but makes sense to me.

Richard

 

[nickpark]

Yes, your telnet 25 will timeout instead of getting the usual SMTP intro message.

If it works before the change and doesnt work after the change (except on the mailserver), you're ok.

 

[SnoopFrogg]

Thanks for the replies yall. I tested with telnet on several clients and the firewall is now blocking SMTP traffic from all IPs except for the mail server's IP.

[purple]
SnoopFrogg
MCSA+Security - Windows Server 2003
[/purple]

 

[nickpark]

i guess ideally you'd block all ports and then open them as required.

at the moment, any spam-virus could send mail out with SMTP on any non-25 port - if it could find/create an smtp server servicing that port.