In our company we have a small business router (Cisco RV082) on which we are using its standard configuration (block all incoming traffic). We also have an SMTP relay configured (using WS2008R2) so that our internal applications can send email through Google Apps (which requires authentication).
The thing is that the server was being used to send spam. We fixed the problem by only allowing the server to relay email from our internal IP address range (10.0.0.0/16).
My concern is that there was a way by which external IPs connected to the network and that underlying problem has not been fixed, but I cannot imagine how these machines connected.
Any thoughts?
Answer 1
If restricting your relay addresses to private fixed the problem, one possibility is that your SMTP port is open for inbound traffic. The port will frequently need to be at least slightly open in order to receive email. However, you'll want to restrict the opening to just allowing connections originating from servers that you want to receive email from (i.e., whatever IP range you were given by Google Apps for email).
Basically, it sounds like two things were happening:
1) Firewall wasn't limiting access to your SMTP port, and was allowing traffic to pass through from an untrusted source.
2) Your email server was relaying all email instead of just stuff from the internal network.
You fixed 2, which will work and should take care of the problem. However, you'll want to look into problem 1 as well to be more secure.
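To confirm whether hosts outside 10.0.0.0/16 were reaching the relay through the open port described in point 1, the SMTP service's logs can be checked for accepted recipients from external clients. The following is an added example, not part of the original answers: it assumes W3C extended logging with the `c-ip`, `cs-method` and `sc-status` fields enabled, and the log lines and addresses are constructed sample data.

```python
import ipaddress
from collections import Counter

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/16")  # internal range named in the question

# Constructed sample (assumed W3C extended format; documentation-range addresses).
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-query sc-status
2012-03-01 02:14:07 10.0.4.21 MAIL +FROM:<app@corp.example> 250
2012-03-01 02:14:07 10.0.4.21 RCPT +TO:<customer@partner.example> 250
2012-03-01 02:15:33 203.0.113.77 MAIL +FROM:<promo@bulk.example> 250
2012-03-01 02:15:33 203.0.113.77 RCPT +TO:<victim1@other.example> 250
2012-03-01 02:15:34 203.0.113.77 RCPT +TO:<victim2@other.example> 250
2012-03-02 09:01:10 198.51.100.9 RCPT +TO:<victim3@other.example> 550
2012-03-02 09:01:11 truncated-line
"""

def external_relay_clients(log_text, internal_net=INTERNAL_NET):
    """Count accepted RCPT commands per client IP outside internal_net."""
    fields = []
    hits = Counter()
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # header can reappear after a service restart
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                    # skip truncated or malformed records
        rec = dict(zip(fields, values))
        try:
            client = ipaddress.ip_address(rec.get("c-ip", ""))
        except ValueError:
            continue
        is_rcpt = rec.get("cs-method", "").upper() == "RCPT"
        accepted = rec.get("sc-status", "").startswith("2")  # 2xx = recipient accepted
        if is_rcpt and accepted and client not in internal_net:
            hits[str(client)] += 1
    return hits

if __name__ == "__main__":
    for ip, count in external_relay_clients(SAMPLE_LOG).most_common():
        print(f"{ip} had {count} recipient(s) accepted from outside {INTERNAL_NET}")
```

Any address reported here reached port 25 from outside the internal range; a 550 on later entries shows the relay restriction working while the port itself is still reachable.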
Answer 2
At least Windows 2008 SBS can configure your router for you through UPnP. This may be the reason that some firewall rules are set aside.
These seem to be the ports it automatically configures for you through UPnP:
Port 25: SMTP e-mail
Port 80: HTTP Web traffic
Port 443: HTTPS Web traffic
Port 987: HTTPS Web traffic for Windows SharePoint® Services through Remote Web Workplace
Port 1723: VPN if you plan to enable VPN on the Destination Server. You may also need to enable the point-to-point tunneling protocol (PPTP) pass-through on your router.
Taken from: http://technet.microsoft.com/en-us/library/cc527508%28WS.10%29.aspx