Prevent spam before router

elelvis19 · ‎07-13-2009

Hi,

We are a small ISP and we have a problem in one of our locations, we have a Router 2811 with 5Mb of internet and around 50 clients behind, the router in the WAN interface have a public IP and is doing NAT to the LAN interface of clients and the problem is that one or more clients PCs are sending spam to the internet and that's why the public IP of the WAN interface is too often in some DNSBLs or blacklist and some other clients when they send emails from they own domains doesn't arrive because it's say that the IP of the WAN interface is in a blacklist.

The question is, can we do something to prevent this without have to change the public IP????

guibarati · ‎07-14-2009

Even with anti-spam there still can happen some false-negative (a spam not detected), so there is no easy way for you to say what is and what is not a spam. (If it was easy all spam problem could be solved easyly).

Some choices I could give you:

1.Buy an anti-spam and tell your clients to use your anti-spam as relay, then close direct connection from clients to internet on port TCP/25.(Ironport, now is cisco and the best antispam I ever see)

2.Usually spam from inside are sent by some computer with virus or something.. not an user opening his email and sending emails (unless it's a marketing email being considered spam by RBLs).

So you could bring up a SMTP relay, a simple one not an antispam, but listening on an righ port, not 25, and tell your clients to use it as relay. the zumbi machines will try 25 and fail as you are blocking it