Check out some similar questions!

EyeNoNothing · May 12, 2010, 10:21 AM

I'm hoping someone can help me out here. Our company has a new Sonicwall Firewall installed. We recently became blacklisted due to a virus/trojan and some SPAM. I believe I need to block all outgoing traffic on Port 25 except that of our mail server but I'm not entirely sure how to go about it.

I did not originally set up the firewall, but I do have admin access and some history with watchguard configs.

raj2160 · May 20, 2010, 02:57 PM

This is actually easier than you think and is done for all companies I've worked for

You just need to create the acl with allow entries before deny entries

So allow mail host any port 25
Deny any any port 25

Depending on where you put the entry ingress (in) port or egress (out) port you'll need to pay attention to the internal or natted ip of the mail server and of course you don't want to have this as an incoming entry from your internet port because then you'll block all mail traffic coming into your domain.

Best to put the acl on your egress (internet) port with direction out to minimize cpu utilization

EyeNoNothing · May 21, 2010, 05:54 AM

Thanks raj! I set it up to block all outgoing to port 25 then created one to allow the IP of the mail server and listed it as a higher priority than the deny all. We can still send mail so it appears to be working!