SPAM abuse complaints

Mar 1st, 2006

I work for a service provider with approx. 500 client systems on our network.

Lately clients have complained of not being able to send email. After a bit of research I found out we were being put on various spam sites and having our IP blocked.

Because all of our customers come out from the same IP (firewall's IP) it is impossible to see who the culprit is.

Any ideas how we can avoid this issue?

ssoberlik Tue, 03/07/2006 - 07:39

I think this can be traced out using a proper accounting server, because this accounting server will track the corresponding hosts and account their events as a log. But this is just my suggestion. I am not sure how it is going to work out for you.

For a more precise answer, I may need the configurations currently running on your firewall and a generic overview of your network topology.

d-garnett Sun, 03/12/2006 - 15:20

There are more than a few ways......

In my experience you may want to look into the following

1 - Make sure that your email server has not been compromised or misconfigured to allow it to be used as a mail relay.

2 - Migrate to a web-based email infrastructure and disallow outbound communication using tcp/25 (smtp) from the client host to the mail server (this is easily achievable if using the 'Port Blocking' feature on McAfee ePO and 8.0i or 7.0 client AV). Viruses typically spam using smtp and if you disallow that, then you have gained a lot.

3 - If #2 is not feasible, you may want to look into an external content filtering device or software application for your mail server. I have worked with McAfee Webshield and the installation is painless and requires no changes to your topology. I installed it as a L7 aware transparent bridge. Sit it between your Router and Firewall and it scans all in/bound mail for spam and viruses.

I have done all of the above at companies and it made life a lot easier.
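
Added example, not part of any poster's reply: the accounting suggestion and the tcp/25 restriction above both depend on logging outbound connections by inside address, before NAT hides them behind the firewall's IP. The sketch below counts direct tcp/25 sessions per inside host; the log layout, all addresses, `MAIL_SERVER` and the thresholds are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed log layout (an assumption, not any real firewall's syslog format):
#   <timestamp> ALLOW tcp <inside_ip>:<sport> -> <dest_ip>:<dport>
LINE_RE = re.compile(
    r"^\S+ ALLOW tcp (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)
MAIL_SERVER = "192.0.2.25"  # hypothetical address of the provider's own mail server


def smtp_talkers(lines, mail_server=MAIL_SERVER, min_conns=3, min_dests=3):
    """Return {inside_ip: (connections, distinct_destinations)} for hosts that
    open direct tcp/25 sessions to servers other than the approved relay."""
    conns = defaultdict(int)
    dests = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["dport"] != "25":
            continue  # unparsable line, or not SMTP
        if m["dst"] == mail_server:
            continue  # normal client-to-relay submission
        conns[m["src"]] += 1
        dests[m["src"]].add(m["dst"])
    # Many sessions to many different mail servers is the spam-bot pattern;
    # one session to one outside server may just be a third-party mailbox.
    return {
        src: (conns[src], len(dests[src]))
        for src in conns
        if conns[src] >= min_conns and len(dests[src]) >= min_dests
    }


# Constructed sample: 10.0.0.7 fans out to many servers, the others do not.
SAMPLE_LOG = """\
2006-03-01T10:00:01 ALLOW tcp 10.0.0.9:1031 -> 192.0.2.25:25
2006-03-01T10:00:02 ALLOW tcp 10.0.0.7:2201 -> 198.51.100.10:25
2006-03-01T10:00:02 ALLOW tcp 10.0.0.7:2202 -> 198.51.100.11:25
2006-03-01T10:00:03 ALLOW tcp 10.0.0.9:1032 -> 203.0.113.80:80
2006-03-01T10:00:03 ALLOW tcp 10.0.0.7:2203 -> 203.0.113.5:25
2006-03-01T10:00:04 ALLOW tcp 10.0.0.7:2204 -> 198.51.100.10:25
2006-03-01T10:00:05 ALLOW tcp 10.0.0.12:4000 -> 198.51.100.44:25
this line is truncated and must be skipped
""".splitlines()

if __name__ == "__main__":
    for src, (n, d) in sorted(smtp_talkers(SAMPLE_LOG).items()):
        print(f"{src}: {n} direct SMTP connections to {d} distinct servers")
```

The flagged inside addresses are the hosts to check for malware, and the same per-host view shows which clients would be affected before outbound tcp/25 is restricted to the mail server.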


