Setting Up Rules for SMTP in Windows 2003 Firewall from a remote client

  • Question

  • I have a dedicated windows 2003 server rented from Godaddy.

    I manage the server from my home office using Remote Desktop.

    Recently I began receiving hundreds of thousands of unauthorized login attempts to my mail server (345,384 in the last 10 days).

    I use Rockliffe's MailSite mail server (version 7). It does not make it easy to block this kind of attack, and I think it would be safer to stop it before it reaches the mail server.

    So I am thinking of using Windows 2003 Firewall to solve the problem.

    I was afraid I would lose my Remote Desktop connection after activating the firewall, but I tried using a local virtual server and I was able to keep the RD connection alive and available.

    Now, what I need is to ban specific networks from reaching the mail server (90+% of the attack comes from 3 or 4 ISPs).

    Can anyone help me find documentation that teaches me how to define and activate, in Windows 2003, a firewall rule of the form "Allow inbound access to SMTP service for everyone except for these networks"?

    Thank you,

    Wednesday, August 14, 2013 6:13 PM

All replies

  • Could the solution be:

    Using the Security Configuration Wizard.

    In the "Open Ports and Approve Applications" page.

    Select port 25.

    Click the "Advanced" button.

    Select "Restrict remote access to this port to only the following remote access"

    Add these two rules:

    1. Permit all traffic from all IP addresses.

    2. Require encryption from 170.208.1283.0/255.255.128.0

    Add one rule requiring encryption for each subnet I want to block.

    Is the order significant? Should the approve rule be the first or the last?

    • Proposed as answer by Jeremy_Wu Saturday, August 24, 2013 1:33 PM
    Wednesday, August 14, 2013 11:16 PM
  • Hi,

    I think your solution is worth a try.

    And, I think the approve rule should be the last one.

    Thanks.


    Best Regards
    Jeremy Wu

    Saturday, August 24, 2013 1:32 PM
  • Hi,

    Is there any update?

    Thanks.


    Best Regards
    Jeremy Wu

    Tuesday, August 27, 2013 6:55 AM
  • Thank you for your contribution, Jeremy. I will try next weekend to avoid damage to my clients. I'll publish how it goes.

    I tried with my local (virtual) windows 2003, but could not reach it from the internet.

    I forwarded in my router ports 23 and 25 to the virtual windows 2003 server fixed IP address.

    I enabled traffic for ports 23 and 25 in my Windows 8 Ultimate 64-bit host's firewall, including that forwarded traffic.

    I tried to open a telnet session to port 25 from my remote Windows 2003 (through Remote Desktop) to my local (virtual) windows 2003 and could not reach it.

    I always received a failure message. I tried several variations of this setup to no avail.

    Wednesday, August 28, 2013 3:34 PM
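Before scoping a rule like the one discussed above, it helps to know which networks actually dominate the failed logins and to check that every address/netmask entry in the exception list is well formed. The following is an added example, not code from the thread or from MailSite: the log format and all addresses are constructed, and the functions are hypothetical helpers.

```python
import ipaddress
from collections import Counter

# Constructed sample of SMTP AUTH log lines (a generic format, not MailSite's own).
SAMPLE_LOG = """\
2013-08-14 10:01:02 SMTP AUTH failed user=alice from=203.0.113.7
2013-08-14 10:01:03 SMTP AUTH failed user=bob from=203.0.113.9
2013-08-14 10:01:05 SMTP AUTH failed user=admin from=198.51.100.40
2013-08-14 10:01:06 SMTP AUTH failed user=alice from=203.0.113.77
2013-08-14 10:01:09 SMTP AUTH failed user=test from=192.0.2.200
2013-08-14 10:01:11 SMTP AUTH ok user=carol from=192.0.2.5
"""

def failed_sources(log_text, prefix_len=24):
    """Count failed AUTH attempts per source network (default aggregation: /24)."""
    counts = Counter()
    for line in log_text.splitlines():
        if "AUTH failed" not in line:
            continue
        addr = line.rsplit("from=", 1)[1].strip()
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        counts[str(net)] += 1
    return counts

def top_networks(counts, share=0.9):
    """Smallest prefix of the ranked networks that covers at least `share` of failures."""
    total = sum(counts.values())
    chosen, covered = [], 0
    for net, n in counts.most_common():
        chosen.append(net)
        covered += n
        if covered / total >= share:
            break
    return chosen

def check_block_list(entries):
    """Normalize 'address/netmask' or CIDR entries to CIDR; collect malformed ones.

    A typo such as an octet above 255 is rejected here instead of reaching the firewall.
    """
    valid, rejected = [], []
    for entry in entries:
        try:
            valid.append(str(ipaddress.ip_network(entry, strict=False)))
        except ValueError:
            rejected.append(entry)
    return valid, rejected

if __name__ == "__main__":
    counts = failed_sources(SAMPLE_LOG)
    print("failures per /24:", dict(counts))
    print("networks covering 90%:", top_networks(counts))
    print(check_block_list(["198.51.100.0/255.255.128.0", "198.51.1283.0/255.255.128.0"]))
```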