Route mail only through static ip and block port 25

by doksa


Hi,

We have a Lotus Notes mail server on a static IP behind a Linux firewall. About 3 weeks ago our static IP was listed on the CBL (Spamhaus). A trojan/worm is obviously still getting onto the Internet and sending spam mails.

How can I set up Endian to prevent this from happening, so that mail is only routed through the server (Win 2000) and port 25 is blocked for all the internal PCs?

Lotus Notes uses port 1352 for replication and mail, and mail from outside gets sent to a MailMarshal box and from there gets routed to the static IP (our mail server).
The current routing looks like this (10.10.10.10 stands for our static IP, the mail server):

Action            Condition
Destination NAT   If destination is 172.18.140.1 (don't ask!)
Destination NAT   If protocol is TCP and destination is 10.10.10.10 and destination port is 80
Destination NAT   If protocol is TCP and destination is 10.10.10.10 and destination port is 9091
Destination NAT   If protocol is TCP and destination is 10.10.10.10 and destination port is 443
Destination NAT   If protocol is TCP and destination is 10.10.10.10 and destination port is 110
Destination NAT   If protocol is TCP and destination is 10.10.10.10 and destination port is 25
Destination NAT   If protocol is TCP and destination is 10.10.10.10 and destination port is 1352
Destination NAT   If protocol is TCP and input interface is eth1 and destination port is 3389
Destination NAT   If protocol is TCP and input interface is eth1 and destination port is 5902
Destination NAT   If protocol is TCP and input interface is eth1 and destination port is 5920
Redirect          If protocol is TCP and input interface is eth0 and destination port is 80
Destination NAT   If protocol is TCP and input interface is eth1 and destination port is 13389

An e-mail from the CBL stated:  This probably WON'T be your Lotus mail server.  It's something else behind the NAT.  You'll need to secure your NAT so that other machines on the LAN cannot get to the Internet on port 25.

Please, I am not good at this and would appreciate any help on how to make our server more secure and block spam/viruses and trojans from any PCs, so that our IP isn't listed again.

Many thanks!

Re: Route mail only through static ip and block port 25

by NetworkAdmin


Port forward the Red zone port to your mail server.
Block port 25 from Green outgoing.

Is that what you want?

-- Network Admin


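The two rules NetworkAdmin describes, written out as an added example (not from the thread or from Endian's own configuration) in the iptables syntax Endian uses underneath its GUI: the mail server alone may open outbound port 25, every other Green host is logged and refused, and the log lines from the block rule are what point at the infected PC. The interface names, the 192.168.0.0/24 LAN, the mail server address 192.168.0.10 and the sample log lines are all assumptions or constructed data.

```shell
#!/bin/sh
# Added example; not the thread's or Endian's own configuration.
# Assumed layout (placeholders): Green/LAN is eth0 on 192.168.0.0/24,
# Red/WAN is eth1, the Lotus mail server is 192.168.0.10 (the host
# behind the 10.10.10.10 static address in the post).
LAN_IF=eth0
LAN_NET=192.168.0.0/24
MAIL_SERVER=192.168.0.10

# Print the rules instead of applying them so they can be reviewed first;
# on the firewall, apply with:  emit_smtp_egress_rules | sh
emit_smtp_egress_rules() {
  # Only the mail server may open outbound SMTP (this rule must come first).
  echo "iptables -A FORWARD -i $LAN_IF -s $MAIL_SERVER -p tcp --dport 25 -j ACCEPT"
  # Log every other Green host that tries port 25: this is what identifies
  # the infected PC (rate-limited so a worm cannot flood syslog).
  echo "iptables -A FORWARD -i $LAN_IF -s $LAN_NET -p tcp --dport 25 -m limit --limit 5/min -j LOG --log-prefix 'SMTP-EGRESS-BLOCK '"
  # ...and refuse the connection.
  echo "iptables -A FORWARD -i $LAN_IF -s $LAN_NET -p tcp --dport 25 -j REJECT --reject-with tcp-reset"
}

# Read kernel log text on stdin and print "<hits> <internal-ip>" for each
# source that hit the block rule, busiest first.
smtp_egress_offenders() {
  grep 'SMTP-EGRESS-BLOCK' | sed -n 's/.*SRC=\([0-9.]*\).*/\1/p' \
    | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Constructed sample log lines (not real traffic): one PC keeps trying to
# reach several outside mail servers directly, the usual spambot pattern.
SAMPLE_LOG='Mar  4 10:01:02 fw kernel: SMTP-EGRESS-BLOCK IN=eth0 OUT=eth1 SRC=192.168.0.57 DST=203.0.113.9 PROTO=TCP SPT=3321 DPT=25
Mar  4 10:01:03 fw kernel: SMTP-EGRESS-BLOCK IN=eth0 OUT=eth1 SRC=192.168.0.57 DST=198.51.100.4 PROTO=TCP SPT=3322 DPT=25
Mar  4 10:01:05 fw kernel: SMTP-EGRESS-BLOCK IN=eth0 OUT=eth1 SRC=192.168.0.23 DST=203.0.113.9 PROTO=TCP SPT=1044 DPT=25
Mar  4 10:01:06 fw kernel: SMTP-EGRESS-BLOCK IN=eth0 OUT=eth1 SRC=192.168.0.57 DST=192.0.2.77 PROTO=TCP SPT=3323 DPT=25'

# The single busiest internal source in the sample, here 192.168.0.57.
worst_offender() {
  printf '%s\n' "$SAMPLE_LOG" | smtp_egress_offenders | head -n 1 | awk '{ print $2 }'
}

echo "# rules to apply on the firewall:"
emit_smtp_egress_rules
echo "# hosts blocked on outbound port 25 (hits, source):"
printf '%s\n' "$SAMPLE_LOG" | smtp_egress_offenders
```

The offender list is what to feed back to the CBL delisting request: clean that PC, confirm the log goes quiet, then request removal.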