Quote from: RoDDy on July 11, 2016, 12:14:12 PM
Hi Guys,
I am currently trying to find a solution that can inspect my outbound traffic and block any that may be deemed suspicious.
I currently have a number of IP blocks that are currently blacklisted and received a few customer complaints already. In the meantime I have assigned them to a new IP subnet but would like to find something more permanent (I don't want to keep removing them from the blacklists or reassigning them) and not just a band-aid solution, as it would only be a matter of time before my other blocks are blacklisted.
Do you guys know of any good solutions? I have been doing some quick searches on the net and see Fortinet has a solution and also another company I am not familiar with called Cybonet (formerly PineApp). I would prefer to have an on-premise solution that I can manage myself and is transparent in terms of traffic flow.
Thanks in advance for any ideas.
-Roddy

I work at Barracuda as a Network Security Support Engineer. All of our Email Security Gateways, and I also believe our NG Firewalls, allow you to filter outbound mail traffic.
Quote from: ristau5741 on July 11, 2016, 12:30:03 PM
I'd be more concerned with inbound rather than outbound filtering, let stuff go out. Who really cares? Just don't let the bad stuff in.

Not true; if your network is compromised and someone dumps 100,000 emails in your Exchange server to be relayed out, you can be put on blacklists in a matter of minutes. Need some sort of filter to detect it.
Quote from: wintermute000 on July 11, 2016, 04:30:18 PM
Block port 25 by default. As an ISP the last thing you want to do is start getting involved with customer traffic.

Almost correct. You want port 25 locked down to a single NAT rule.
Port 25 (and other mail ports) should only see traffic coming from 1 IP address. No reason why Linda in accounting should be sending directly out.
Quote from: deanwebb on July 11, 2016, 06:57:49 PM
Quote from: wintermute000 on July 11, 2016, 04:30:18 PM
Block port 25 by default. As an ISP the last thing you want to do is start getting involved with customer traffic.
Can't block port 25 if the guy has an on-premises email server...

True, see above post.
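
The two checks discussed in this thread (only one address should ever talk to port 25, and a compromised relay shows up as a sudden burst), sketched as an added example that is not part of any poster's message. The log format, the relay address, the threshold and the sample lines are all assumptions constructed for illustration.

```python
from collections import Counter

MAIL_RELAY = "10.0.0.25"      # assumed: the single host allowed to send mail out
MAIL_PORTS = {25}             # add other mail ports here if they are also restricted
RELAY_PER_MINUTE_LIMIT = 3    # assumed threshold, kept tiny so the sample triggers it

# Constructed sample egress log: "<ISO timestamp> <src ip> <dst ip> <dst port>"
SAMPLE_LOG = """\
2016-07-11T12:00:05 10.0.0.25 203.0.113.10 25
2016-07-11T12:00:09 10.0.1.44 198.51.100.7 25
2016-07-11T12:00:12 10.0.1.44 198.51.100.8 25
2016-07-11T12:00:30 10.0.2.17 192.0.2.80 443
2016-07-11T12:01:01 10.0.0.25 203.0.113.11 25
2016-07-11T12:01:02 10.0.0.25 203.0.113.12 25
2016-07-11T12:01:03 10.0.0.25 203.0.113.13 25
2016-07-11T12:01:04 10.0.0.25 203.0.113.14 25
not a log line
"""

def parse(log):
    """Yield (timestamp, src, dst, port) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        ts, src, dst, port = parts
        yield ts, src, dst, int(port)

def direct_senders(log):
    """Hosts other than the relay that connected out to a mail port, with counts."""
    hits = Counter()
    for _ts, src, _dst, port in parse(log):
        if port in MAIL_PORTS and src != MAIL_RELAY:
            hits[src] += 1
    return dict(hits)

def relay_bursts(log):
    """Minutes in which the relay itself exceeded the per-minute connection limit."""
    per_minute = Counter()
    for ts, src, _dst, port in parse(log):
        if port in MAIL_PORTS and src == MAIL_RELAY:
            per_minute[ts[:16]] += 1  # bucket by YYYY-MM-DDTHH:MM
    return {m: n for m, n in per_minute.items() if n > RELAY_PER_MINUTE_LIMIT}

if __name__ == "__main__":
    print("direct senders:", direct_senders(SAMPLE_LOG))
    print("relay bursts:", relay_bursts(SAMPLE_LOG))
```

Direct senders are what the default block on port 25 would stop outright; relay bursts are the case a port rule cannot catch, because the traffic comes from the one permitted address.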