Block Conficker trojan (some of the users are infected with Conficker, therefore I want to block sending out email.)
  •  
DeamonAngel

Hello,

My network has been reported as a spammer. We looked into why this happened and blocked all ports that are related to sending out emails.
We understood that some clients are infected with a Trojan called "Conficker" that sends email via its virtual SMTP server.

I want to find a way to block it, but I don't know how. If there's anybody who has enough knowledge on this, please help me fix it. Sending email through my network is forbidden. How can I recognize who sends email through every port and block it?
  •  
DeamonAngel

I really need a solution to this issue. If there's anyone who could help me out, please share your information.
  •  
DeamonAngel

I have the same problem:
I blocked all standard emails through traffic rules and also set "Emails" to deny in the Web Filter.
Nothing works! The email at the web filter declares "we don't care about ports, only connection", but it cannot block Conficker/Cutwail, etc.

If anybody has a solution, please post it here.
  •  
Petr Dobry (Kerio)

Create a new traffic rule blocking all outgoing connections to port 25. That will block all outgoing email traffic.

Petr Dobry
Product Development Manager | Kerio

Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
Looking for help ? - http://kb.kerio.com
  •  
DeamonAngel

This is a really simple way you offer, and it is not working! Conficker/Cutwail and many trojans like them use random open ports and send email via their own virtual SMTP server that they create on the clients' computers. It means our clients who connect to Kerio via VPN would send massive volumes of email through our network. It means our network receives tons of abuse.
  •  
Petr Dobry (Kerio)

Destination port for delivering emails is always 25. That's how it works. If you block that port, no email will be delivered from your network.

Petr Dobry
Product Development Manager | Kerio
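
Added example, not part of the original thread and not Kerio code: one way to find which internal clients are attempting outbound mail delivery from a firewall connection log, keyed on destination port 25 as in the reply above. The log format, `INTERNAL_NETS`, the addresses and the function names are assumptions constructed for illustration, not Kerio Control's actual log format.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed internal ranges (LAN and VPN clients); adjust to the real network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "10.8.0.0/24")]

# Constructed sample lines in a hypothetical "time action proto src:port -> dst:port" format.
SAMPLE_LOG = """\
2017-03-30T10:00:01 PERMIT TCP 192.168.1.23:49152 -> 203.0.113.10:25
2017-03-30T10:00:02 PERMIT TCP 192.168.1.23:49153 -> 198.51.100.7:25
2017-03-30T10:00:02 PERMIT TCP 192.168.1.23:51200 -> 203.0.113.99:25
2017-03-30T10:00:03 PERMIT TCP 192.168.1.40:50111 -> 203.0.113.10:443
2017-03-30T10:00:04 PERMIT TCP 192.168.1.5:40000 -> 198.51.100.7:25
2017-03-30T10:00:05 DENY TCP 10.8.0.14:61234 -> 192.0.2.55:25
2017-03-30T10:00:06 DENY TCP 10.8.0.14:61235 -> 192.0.2.56:25
garbage line that does not parse
"""

LINE_RE = re.compile(
    r"^\S+\s+(?:PERMIT|DENY)\s+TCP\s+"
    r"(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def smtp_talkers(log_text, mail_servers=(), smtp_port=25):
    """Map each internal client to the external hosts it tried to reach on smtp_port."""
    allowed = {ipaddress.ip_address(a) for a in mail_servers}
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) != smtp_port:
            continue  # unparsable line, or not mail delivery traffic
        try:
            src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # malformed address
        # The source port is ignored on purpose: it is ephemeral on every client.
        # Denied attempts count too, since a blocked sender still shows up in the log.
        if is_internal(src) and not is_internal(dst) and src not in allowed:
            seen[str(src)].add(str(dst))
    return dict(seen)

def suspects(log_text, mail_servers=(), min_destinations=2):
    """Clients that tried at least min_destinations distinct SMTP hosts, busiest first."""
    talkers = smtp_talkers(log_text, mail_servers)
    hits = [(ip, len(d)) for ip, d in talkers.items() if len(d) >= min_destinations]
    return sorted(hits, key=lambda h: (-h[1], h[0]))
```

Calling `suspects(SAMPLE_LOG, mail_servers=["192.168.1.5"])` lists the clients to investigate, with the sanctioned mail server excluded.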
