Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

SPAM abuse complaints

I work for a service provider with aprox. 500 client systems on our network.

Lately clients have complained of not being able to send email. After a bit of research i found out we were being put on various spam sites and having our IP blocked.

Because all lof our customers come out from the same IP (firewall's IP) it is impossible to see who the culprit is.

Any ideas how we can avoid this issue?


Re: SPAM abuse complaints

I think this can be traced out using a proper accounting server. Because, this accounting server will track the correcponding hosts and account their events as a log. But this is just my suggestion. I am not sure how it is going to work out for you.

For a more precise answer, I may need the configurations currently running on your firewall and a generic overview of your network topology.

Community Member

Re: SPAM abuse complaints

There are more than a few ways......

In my experience you may want to look into the following

1 - Make sure that your email server has not been comprimised or misconfigured to allow it to be used as a mail relay.

2 - Migrate to a web based email infrastruture and disallow outbound communication using tcp/25(smtp) from the client host to the mail server (this is easily achieveable if using the 'Port Blocking' feature on McAfee ePO and 8.0i or 7.0 client AV). Viruses typically spam using smtp and if your disallow that, then you have gained alot.

3 - If #2 is not feasible, you may want to look into an external content filtering device or software application for your mail server. I have worked with McAfee Webshield and the installation is painless and requires no changes to your topology. I installed it as a L7 aware transparent bridge. Sit it between your Router and Firewall and it scans all in/bound mail for spam and viruses.

I have done all of the above at companies and it made life alot easier.


CreatePlease to create content