Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
305
Views
0
Helpful
2
Replies

SPAM abuse complaints

vanagon2tdi
Level 1
Level 1

‎03-01-2006 08:27 AM - edited ‎03-09-2019 02:06 PM

I work for a service provider with aprox. 500 client systems on our network.

Lately clients have complained of not being able to send email. After a bit of research i found out we were being put on various spam sites and having our IP blocked.

Because all lof our customers come out from the same IP (firewall's IP) it is impossible to see who the culprit is.

Any ideas how we can avoid this issue?

Labels:
0 Helpful
2 Replies 2

ssoberlik
Level 4
Level 4

‎03-07-2006 07:39 AM

I think this can be traced out using a proper accounting server. Because, this accounting server will track the correcponding hosts and account their events as a log. But this is just my suggestion. I am not sure how it is going to work out for you.

For a more precise answer, I may need the configurations currently running on your firewall and a generic overview of your network topology.

0 Helpful

d-garnett
Level 3
Level 3

‎03-12-2006 03:20 PM

There are more than a few ways......

In my experience you may want to look into the following

1 - Make sure that your email server has not been comprimised or misconfigured to allow it to be used as a mail relay.

2 - Migrate to a web based email infrastruture and disallow outbound communication using tcp/25(smtp) from the client host to the mail server (this is easily achieveable if using the 'Port Blocking' feature on McAfee ePO and 8.0i or 7.0 client AV). Viruses typically spam using smtp and if your disallow that, then you have gained alot.

3 - If #2 is not feasible, you may want to look into an external content filtering device or software application for your mail server. I have worked with McAfee Webshield and the installation is painless and requires no changes to your topology. I installed it as a L7 aware transparent bridge. Sit it between your Router and Firewall and it scans all in/bound mail for spam and viruses.

I have done all of the above at companies and it made life alot easier.

-Don_G

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents