
Author Topic: Stop spam from our LAN  (Read 2592 times)

Offline remus

  • Sr. Member
  • ****
  • Posts: 371
Stop spam from our LAN
« on: May 19, 2013, 09:35:13 PM »
Hi All,

Our email domain has recently been blacklisted for detected high traffic spam.

It is most likely a virus/trojan, as I found one and cleaned it from a computer a day before we were blacklisted. (I've had the blacklisting lifted)

I think we need to install something between the network switch and the modem that can detect stuff like this and block the computer if detected.

Any suggestions?
Live long and prosper.

Offline hiro

  • Hero Member
  • *****
  • Posts: 1217
Re: Stop spam from our LAN
« Reply #1 on: May 20, 2013, 04:28:25 AM »
Because one guy with his udp/rtp video streaming shit overloaded the network consistently, I blocked all outgoing connections by default and only have a few exceptions: there's a squid proxy for web browsing on windows machines, a voip pbx, a mail server and a well-behaving bittorrent downloader, accessible to all users on the router. Viruses that communicate over HTTP/HTTPS can of course still operate over this network, but they can't send SMTP mails, scan networks, or attack anything else but HTTP servers directly.

This all made me a 24/7 babysitter :)

Offline genec

  • Full Member
  • ***
  • Posts: 240
Re: Stop spam from our LAN
« Reply #2 on: May 20, 2013, 04:36:10 PM »
1) Only allow highly trusted systems (your mail filter system) to send from your IP range.  Block others by default at your firewall.
2) Filter outbound email to prevent a compromised account from spamming.

For many years, the network I work with had #1.  During a migration to a new mail filter (as a separate appliance, utilized by the mail system as a smart host), outbound filtering was never turned back on.  When 1 account was compromised, it generated over 100k messages in around 8 hours, quadruple the typical weekly volume.  I checked various blacklists and found nothing.  Days later I hear that 1 domain blacklisted our system which was easy to resolve (submit request and unblocked within ~4 hours).

Offline remus

  • Sr. Member
  • ****
  • Posts: 371
Re: Stop spam from our LAN
« Reply #3 on: May 20, 2013, 05:08:59 PM »
We have no mail server on site, we use smtp to our isp mail server.

We have no firewall on site, we use a mix of windows xp and windows 7 machines. Plus a few microcore file servers.

I've had no network admin training so am not sure what direction to take :(
Live long and prosper.

Offline genec

  • Full Member
  • ***
  • Posts: 240
Re: Stop spam from our LAN
« Reply #4 on: May 20, 2013, 05:14:09 PM »
So at that point, it's just dropping a firewall in that filters and as a part of it, block SMTP unless it's to your ISP's system.

Your best bet is finding a good friend or affordable consultant.  There are appliances to do this sort of thing and some are quite affordable.

Offline remus

  • Sr. Member
  • ****
  • Posts: 371
Re: Stop spam from our LAN
« Reply #5 on: May 20, 2013, 09:02:48 PM »
I see that microcore 3.8.4 has iptables.tcz available, I reckon I'll have a look at learning how it works in a vm.

Thanks for the suggestion.

Google has revealed many iptables tutorials.
Live long and prosper.

Offline genec

  • Full Member
  • ***
  • Posts: 240
Re: Stop spam from our LAN
« Reply #6 on: May 25, 2013, 05:53:25 AM »
4.x also has iptables.  There are also numerous distros and systems that could help provide this functionality in a more friendly format.
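
Added example, not part of any post in this thread: the rule described in Reply #4 (block SMTP unless it is to the ISP's system), written as iptables-restore input for a Linux box routing between the LAN and the modem, plus a helper that lists which LAN hosts tripped the block so the infected machine can be found. The interface name `eth1`, the relay address `203.0.113.25`, the `SMTP_OUT` chain name and the log lines are assumptions or constructed samples.

```sh
#!/bin/sh
# Added example. Interface name and all addresses are assumptions.
# Succeeds only for a dotted-quad IPv4 address with octets 0..255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# smtp_egress_rules LAN_IF RELAY_IP: prints iptables-restore input.
# Mail ports from the LAN fall through to the existing FORWARD rules only when
# aimed at RELAY_IP; anything else is logged (rate-limited) and reset.
smtp_egress_rules() {
    lan_if=$1; relay=$2
    case "$lan_if" in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
    is_ipv4 "$relay" || { echo "bad relay address" >&2; return 1; }
    cat <<EOF
*filter
:SMTP_OUT - [0:0]
-I FORWARD 1 -i $lan_if -p tcp -m multiport --dports 25,465,587 -j SMTP_OUT
-A SMTP_OUT -d $relay -j RETURN
-A SMTP_OUT -m limit --limit 6/min -j LOG --log-prefix "SMTP-BLOCK "
-A SMTP_OUT -p tcp -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# Reads kernel log lines on stdin and prints "count source-ip" for every LAN
# host that hit the LOG rule, busiest first.
smtp_offenders() {
    awk '/SMTP-BLOCK / { for (i = 1; i <= NF; i++)
                             if ($i ~ /^SRC=/) n[substr($i, 5)]++ }
         END { for (h in n) print n[h], h }' | sort -rn
}

# Constructed sample log lines, not taken from a real system.
sample_log() {
    cat <<'EOF'
May 20 17:10:01 gw kernel: SMTP-BLOCK IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 PROTO=TCP SPT=1042 DPT=25
May 20 17:10:04 gw kernel: SMTP-BLOCK IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.9 PROTO=TCP SPT=2210 DPT=587
May 20 17:10:11 gw kernel: SMTP-BLOCK IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.8 PROTO=TCP SPT=1043 DPT=25
May 20 17:10:12 gw kernel: eth0: link up
EOF
}

# With two arguments, print the ruleset (pipe it to: iptables-restore --noflush).
[ "$#" -lt 2 ] || smtp_egress_rules "$1" "$2"
```

Because the LOG rule is rate-limited, the counts from `smtp_offenders` are a sample of the blocked attempts rather than a total; they still point at the machine to clean.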