Firewall Wizards mailing list archives

Re: Pix 535 Logging


From: "Horvath, Kevin M." <KEVIN.M.HORVATH () saic com>
Date: Wed, 8 Nov 2006 10:52:19 -0500

Just deny everything external for SMTP except for your mail servers and then
configure logging for at least informational (off the top of my head I think
this is what will catch the denies).  You could sort out what you want to
see at the syslog server.  Or you could use your border router with an
egress ACL with a deny on all port 25 traffic except for your mail servers
and put a log at the end of the deny rule (make sure logging is configured
correctly on the router).  The router will work depending on where you do
your NAT/PAT, and if you use PAT before the border then it won't work at all,
so you would need to use the firewall rules.  Hope this helps.

Cheers,
Kevin

-----Original Message-----
From: firewall-wizards-bounces () listserv cybertrust com
[mailto:firewall-wizards-bounces () listserv cybertrust com] On Behalf Of James
Burns
Sent: Wednesday, November 08, 2006 5:50 AM
To: Firewall Wizards
Subject: [fw-wiz] Pix 535 Logging

Hi,

I have a quick question regarding logging on a Pix 535.

We're currently getting a lot of CERT notifications for spammers 
operating within our network - mainly just students with 0wned machines, 
but we're looking into ways to automate the procedure slightly.

Anyway, what I'm looking to do, and what I need help with.... I want to 
know if it's possible to log all outbound port 25 connection attempts, 
EXCEPT those that come from our authorised MX's and mail servers. AND I 
would like to be able to do this in addition to the normal logging that 
takes place.

So, is it possible?

Any thoughts and guidance you can provide are very much appreciated.

Cheers,
James

-- 
James Burns

Network Advisor - Student & Learning Support
University of Sunderland



_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
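
Added example, not part of the original thread or either poster's code: one way to do the "sort out what you want to see at the syslog server" step from the reply above, counting denied outbound port 25 attempts per internal host and skipping the authorised mail servers. The mail server addresses, the log lines and the assumption that the denies arrive as PIX message 106023 in the layout shown are all constructed for illustration.

```python
import re
from collections import Counter

# Assumed allow-list of authorised MXs / mail servers (constructed addresses).
MAIL_SERVERS = {"10.10.1.25", "10.10.1.26"}

# Assumed layout of the PIX ACL deny message (106023), e.g.
#   %PIX-4-106023: Deny tcp src inside:10.20.3.7/1042 dst outside:192.0.2.10/25 by access-group "acl_out"
DENY_RE = re.compile(
    r"%PIX-\d-106023: Deny tcp src (?P<sif>[^:\s]+):(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"dst (?P<dif>[^:\s]+):(?P<dst>[\d.]+)/(?P<dport>\d+)"
)

# Constructed sample syslog lines, not captured from a real device.
SAMPLE_LOG = [
    'Nov 08 2006 10:41:02: %PIX-4-106023: Deny tcp src inside:10.20.3.7/1042 dst outside:192.0.2.10/25 by access-group "acl_out"',
    'Nov 08 2006 10:41:03: %PIX-4-106023: Deny tcp src inside:10.20.3.7/1043 dst outside:198.51.100.4/25 by access-group "acl_out"',
    'Nov 08 2006 10:41:03: %PIX-4-106023: Deny tcp src inside:10.20.3.7/1044 dst outside:192.0.2.10/25 by access-group "acl_out"',
    'Nov 08 2006 10:41:05: %PIX-4-106023: Deny tcp src inside:10.30.8.44/2210 dst outside:203.0.113.9/25 by access-group "acl_out"',
    # Denied, but not SMTP: ignored.
    'Nov 08 2006 10:41:06: %PIX-4-106023: Deny tcp src inside:10.20.3.7/1050 dst outside:192.0.2.10/80 by access-group "acl_out"',
    # A mail server hitting the deny rule points at an ACL error, not a spammer: filtered out here.
    'Nov 08 2006 10:41:07: %PIX-4-106023: Deny tcp src inside:10.10.1.25/3321 dst outside:192.0.2.10/25 by access-group "acl_out"',
    # Unrelated message type: ignored.
    'Nov 08 2006 10:41:08: %PIX-6-302013: Built outbound TCP connection 4411 for outside:192.0.2.10/25 to inside:10.10.1.26/3400',
]

def smtp_offenders(lines, mail_servers=MAIL_SERVERS):
    """Return (source, attempts, distinct destinations) for denied outbound
    port 25 traffic from hosts that are not authorised mail servers,
    busiest source first."""
    attempts = Counter()
    dests = {}
    for line in lines:
        m = DENY_RE.search(line)
        if not m or m["dport"] != "25":
            continue
        src = m["src"]
        if src in mail_servers:
            continue
        attempts[src] += 1
        dests.setdefault(src, set()).add(m["dst"])
    return [(src, n, len(dests[src])) for src, n in attempts.most_common()]

if __name__ == "__main__":
    for src, n, ndst in smtp_offenders(SAMPLE_LOG):
        print(f"{src}: {n} denied SMTP attempts to {ndst} destination(s)")
```

A host with many attempts spread over many distinct destinations is the pattern worth following up first.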

