Firewall Wizards mailing list archives
Re: Pix 535 Logging
From: "Horvath, Kevin M." <KEVIN.M.HORVATH () saic com>
Date: Wed, 8 Nov 2006 10:52:19 -0500
Just deny everything external for smtp except for your mail servers and then configure logging for at least informational (off the top of my head I think this is what will catch the denies). You could sort out what you want to see at the syslog server. Or you could use your border router with an egress acl with a deny on all port 25 traffic except for your mail servers and put a log at the end of the deny rule (make sure logging is configured correctly on the router). The router will work depending on where you do your NAT/PAT and if you use pat before the border then it wont work at all so you would need to use the firewall rules. Hope this helps. Cheers, Kevin -----Original Message----- From: firewall-wizards-bounces () listserv cybertrust com [mailto:firewall-wizards-bounces () listserv cybertrust com] On Behalf Of James Burns Sent: Wednesday, November 08, 2006 5:50 AM To: Firewall Wizards Subject: [fw-wiz] Pix 535 Logging Hi, I have a quick question regarding logging on a Pix 535. We're currently getting a lot of CERT notifications for spammers operating within our network - mainly just students with 0wned machines, but we're looking into ways to automate the procedure slightly. Anyway, what I'm looking to do, and what I need help with.... I want to know if it's possible to log all outbound port 25 connection attempts, EXCEPT those that come from our authorised MX's and mail servers. AND I would like to be able to do this in addition to the normal logging that takes place. So, is it possible? Any thoughts and guidance you can provide are very much appreciated. Cheers, James -- James Burns Network Advisor - Student & Learning Support University of Sunderland -- University of Sunderland - life-changing: see our new TV advert at http://www.lifechangingsunderland.com or http://www.sunderland.ac.uk _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Pix 535 Logging James Burns (Nov 08)
- Re: Pix 535 Logging Brian Loe (Nov 08)
- Re: Pix 535 Logging James Burns (Nov 09)
- Re: Pix 535 Logging David Swafford (Nov 08)
- Re: Pix 535 Logging Paul Melson (Nov 09)
- <Possible follow-ups>
- Re: Pix 535 Logging Horvath, Kevin M. (Nov 08)
- Re: Pix 535 Logging Behm, Jeffrey L. (Nov 09)
- Re: Pix 535 Logging Brian Loe (Nov 08)