Outbound Spam/Mail Filtering

Started by RoDDy, July 11, 2016, 12:14:12 PM

jay9821

Quote from: RoDDy on July 11, 2016, 12:14:12 PM
Hi Guys,

I am currently trying to find a solution that can inspect my outbound traffic and block any that may be deemed suspicious.

I currently have a number of IP blocks that are currently blacklisted and received a few customer complaints already. In the meantime I have assigned them to a new IP subnet but would like to find something more permanent (I don't want to keep removing them from the blacklists or reassigning them) and not just a band-aid solution, as it would only be a matter of time before my other blocks are blacklisted.

Do you guys know of any good solutions? I have been doing some quick searches on the net and see Fortinet has a solution and also another company I am not familiar with called Cybonet (formerly PineApp). I would prefer to have an on-premise solution that I can manage myself and is transparent in terms of traffic flow.

Thanks in advance for any ideas.

-Roddy

I work at Barracuda as a Network Security Support Engineer. All of our Email Security Gateways, and I also believe our NG Firewalls, allow you to filter outbound mail traffic.

Quote from: ristau5741 on July 11, 2016, 12:30:03 PM
I'd be more concerned with inbound rather than outbound filtering, let stuff go out. Who really cares? Just don't let the bad stuff in.

Not true; if your network is compromised and someone dumps 100,000 emails in your Exchange server to be relayed out, you can be put on blacklists in a matter of minutes. Need some sort of filter to detect.

Quote from: wintermute000 on July 11, 2016, 04:30:18 PM
Block port 25 by default. As an ISP the last thing you want to do is start getting involved with customer traffic.

Almost correct. You want port 25 locked down to a single NAT rule.

Port 25 (and other mail ports) should only see traffic coming from 1 IP address. No reason why Linda in accounting should be sending directly out.

Quote from: deanwebb on July 11, 2016, 06:57:49 PM
Quote from: wintermute000 on July 11, 2016, 04:30:18 PM
Block port 25 by default. As an ISP the last thing you want to do is start getting involved with customer traffic.
Can't block port 25 if the guy has an on-premises email server...

True, see above post.
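
The two checks described in the reply above (mail ports should only see traffic from the one relay address, and a sudden dump of mail through that relay needs detecting), as an added example that is not part of the original thread. The flow-record format, the IP addresses, the thresholds and the function name `audit_smtp_egress` are constructed assumptions, and records are assumed to be in time order.

```python
from collections import defaultdict, deque

MAIL_PORTS = {25, 465, 587}  # SMTP, SMTPS, submission

# Constructed sample flow records: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
1000 10.0.0.25 203.0.113.10 25
1002 10.0.1.57 198.51.100.7 25
1003 10.0.1.57 198.51.100.8 587
1004 10.0.0.25 203.0.113.11 25
1005 10.0.0.25 203.0.113.12 25
1006 10.0.0.25 203.0.113.13 25
1007 10.0.2.9 192.0.2.80 443
1200 10.0.0.25 203.0.113.14 25
"""

def audit_smtp_egress(text, relay_ip, max_per_window, window_s):
    """Return (direct_senders, burst_times) for a time-ordered flow log.

    direct_senders: {src_ip: count} for hosts other than relay_ip that
        opened connections to a mail port (should be empty if egress is
        locked down to the relay).
    burst_times: timestamps at which the relay exceeded max_per_window
        mail connections within the trailing window_s seconds.
    """
    direct = defaultdict(int)
    recent = deque()  # relay connection timestamps inside the window
    bursts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        try:
            ts, port = int(parts[0]), int(parts[3])
        except ValueError:
            continue
        src = parts[1]
        if port not in MAIL_PORTS:
            continue
        if src != relay_ip:
            direct[src] += 1  # workstation talking SMTP directly
            continue
        recent.append(ts)
        while recent and recent[0] <= ts - window_s:
            recent.popleft()  # drop connections older than the window
        if len(recent) > max_per_window:
            bursts.append(ts)
    return dict(direct), bursts

if __name__ == "__main__":
    print(audit_smtp_egress(SAMPLE_FLOWS, "10.0.0.25", 3, 60))
```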

deanwebb

Epic gravedig, but helpful. I approve.

:awesome:
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.