Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

Port 25

  • 1.  Port 25

    Posted Apr 06, 2011 04:42 PM

    Hello,

    I have a problem in my network our company public address keeping  blocked ,we have a Symantec protection Suite

    There is any work around to block port 25 for smtp in client through SEPM

    Thanks



  • 2.  RE: Port 25

    Posted Apr 06, 2011 04:49 PM

    Are you saying your comapny is blocking port 25, and you are looking for a workaround to allow port 25 traffic?

     

    See Symantec Endpoint Protection Manager - Firewall - Policies explained

    http://www.symantec.com/business/support/index?page=content&id=TECH104433&locale=en_US



  • 3.  RE: Port 25

    Posted Apr 06, 2011 04:50 PM

    If you have SEP firewall installed you can create a rule to block port 25 from SEPM.



  • 4.  RE: Port 25

    Posted Apr 07, 2011 04:59 AM

    Hi Omar,

     

    Can you describe the problem is a little more detail?

     

    > our company public address keeping  blocked

    > any work around to block port 25 for smtp in client through SEPM

     

    Do you mean that your mail server is on a block list?  That can happen if it is sending spam (often without your knowledge).

     

    Is this mail server an Exchange server?  And if so, does it have Symantec Mail Security for MS Exchange installed on that Exchange server?

     

    Are the SEP email tools installed on teh clients throughout the network?  Ar ethey popping up any unusual/unexpected messages about how the mails they are trying to send are being blocked? 

     

    Please add some details, if possible! 

     

    Many thanks!

     

    Mick



  • 5.  RE: Port 25

    Posted Apr 09, 2011 03:42 PM

    Hi Mick and all,

    our company public address keeping  blocked (Yes)

    > any work around to block port 25 for smtp in client through SEPM

     

    Do you mean that your mail server is on a block list?  That can happen if it is sending spam (often without your knowledge).

    Yes Correct

     

    Is this mail server an Exchange server?  Yes Exchange 2010

    And if so, does it have Symantec Mail Security for MS Exchange installed on that Exchange server?

    Yes it is in HUB/CAS

    Are the SEP email tools installed on teh clients throughout the network?  Ar ethey popping up any unusual/unexpected messages about how the mails they are trying to send are being blocked? 

    i have a SEP RU6 MP3 installed in all client

    No but when i run report i found alot of trojan and keygen

    My question "how i can block port 25 in client side by using SEP"



  • 6.  RE: Port 25

    Posted Apr 11, 2011 04:59 AM

    Thanks for the extra info, Omar!

     

    > i have a SEP RU6 MP3 installed in all client

     

    If the SEP clients have the Network Threat Protection (NTP) compnent, then it is an easy enough job to create a rule that blocks traffic on port 25 for them.  This can be created at the SEPM and deployed to all of the clients. 

     

    Note that if these computers send and receive mail to Exchange from MS Outlook, blocking Port 25 will not stop normal mail traffic.  Outlook and Exchange use different methods for sending and receiving mail: port 25 is used for server-to-server communication.

     

    One extra note: SMSMSE only scans inbound traffic for spam.  It is not intended to detect spam being sen from an Exchange server.  For details: Does Symantec Mail Security for Microsoft Exchange scan all inbound and outbound mail? (http://www.symantec.com/docs/TECH91306)

     

    I recommend taking a close look at the reports fro those trojan and keyloggers: make sure that they are all being successfully deleted or quarantined.  Any "partially removed" or "log only" actions will need manual action (fulll system scan in safe mode) to completely remove.

     

    Hope this helps!

     

    Mick



  • 7.  RE: Port 25

    Posted Apr 12, 2011 04:53 PM

    Mick,

    Could you please guide how i can create NTP Rule in SEPM

    Thanks



  • 8.  RE: Port 25

    Posted Apr 13, 2011 07:25 AM

    Hi Omar,

     

    This new rule stops SEP 11 clients with the NTP (firewall) component from sending mail on port 25:

    Create a new rule in the SEPM firewall policy to block traffic to port 25

     

    Be sure to set that to "block" and not "allow."

     

    So if the root cause of your problem is in fact SEP clients sending unwanted mail on this default port 25, assigning a policy with this rule will stop them.

     

    Please keep the forum community up-to-date with your progress!

     

    With thanks and best regards,

     

    Mick / ميك



  • 9.  RE: Port 25

    Posted Apr 13, 2011 07:28 AM

    In case this is not obvious.... &: )

     

    Do not apply a policy that contains that rule to a SEP client that is installed on a mail server!  I will block all server-to-server mail traffic on port 25.......  only apply a policy with that rule to SEP client that should NOT be sending any legitimate traffic on port 25.

     



  • 10.  RE: Port 25

    Posted Apr 17, 2011 09:21 AM

    Thanks Mick,

    could you please guide me by steps



  • 11.  RE: Port 25

    Posted Apr 17, 2011 10:24 AM

    Hi Omar,

     

    All the security webites keep a track of IP addresses that send SPAM emails.

     

    Its called as Real Time Black List or RBL.

    Please ensure with your ISP that your IP address is not appearing in any of these. Check the reputation of the IP address on http://www.siteadvisor.com/howitworks/index.html

    @Symantec Support: Please let us know if there is one such site from Symantec as well.

    Regards,

    Aniket Amdekar



  • 12.  RE: Port 25

    Posted Apr 18, 2011 03:39 AM

    In the SEPM, click on Policies

    Select the firewall policy that is in use for those SEP clients

    Edit the policy to add a rule

    Add a new blank rule, and move it high up in the list

    Configure it as in the screenshot

    Be sure that it is set to "block" and now "allow"