DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Vigor 2820 Restrict Port 25 to Mail Server

12 Sep 2013 09:12 #77676 by angry sys admin
Vigor 2820 Restrict Port 25 to Mail Server was created by angry sys admin
Hi All.

I have a customer with a DrayTek Vigor 2820 on firmware 3.2.0.

They have recently had the displeasure of being blacklisted due to one or more of their PCs being infected with a Trojan that was spamming every man and his dog in cyber space.

Although the PCs have all been cleaned, I need to configure the firewall on the DrayTek so only the Exchange server is able to transmit traffic on port 25, so even if they become re-infected the spam bot will not be able to use its own engine on port 25.

Can someone help me out with this?

Cheers

12 Sep 2013 13:41 #77677 by sicon
1. Create a rule that blocks all port 25 and 110 from LAN to WAN and action to be "Block Unless further match".

2. Create a rule for the IP address of the mail for the above ports and the Action "Pass Immediately".

The data filter works top down, so it needs to be in the order above.

12 Sep 2013 14:05 #77679 by angry sys admin
Replied by angry sys admin on topic Re: Vigor 2820 Restrict Port 25 to Mail Server
Thanks.

Do I need to make two separate rules for port 25 and port 110, as in the rule I can only specify a single port or port range?

12 Sep 2013 14:21 #77680 by weehappypixie
Replied by weehappypixie on topic Re: Vigor 2820 Restrict Port 25 to Mail Server
Depending on the firmware version, you can create a Service Group. First create a Service Type Object for each service, then add these to a Service Type Group. Now you can select the group name in your firewall rule.

John
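The rule pair and the service group described in the replies above can be checked on paper before touching the router. This is an added example, not part of any post and not DrayTek code: a simplified Python model of a top-down filter in which the addresses, rule names, the default-pass behaviour and the "Block Immediately" comparison are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Action names: the first two are quoted from the thread; "Block Immediately"
# is included only for comparison.
BLOCK_UNLESS = "Block Unless further match"
PASS_NOW = "Pass Immediately"
BLOCK_NOW = "Block Immediately"

# Stand-in for a Service Type Group: one name covering both mail ports.
MAIL_PORTS = frozenset({("tcp", 25), ("tcp", 110)})

@dataclass(frozen=True)
class Rule:
    name: str
    source: str            # LAN source in CIDR form
    services: frozenset    # set of (protocol, destination port)
    action: str

def evaluate(rules, src_ip, proto, dport, default="pass"):
    """Walk LAN->WAN rules top-down; default 'pass' is an assumption."""
    verdict, decided_by = default, "default"
    for rule in rules:
        if ip_address(src_ip) not in ip_network(rule.source):
            continue
        if (proto, dport) not in rule.services:
            continue
        if rule.action == PASS_NOW:
            return "pass", rule.name
        if rule.action == BLOCK_NOW:
            return "block", rule.name
        if rule.action == BLOCK_UNLESS:
            # Provisional block: a later matching rule can still pass it.
            verdict, decided_by = "block", rule.name
    return verdict, decided_by

# Constructed addresses: 192.168.1.10 is the mail server, .50 a workstation.
LAN, MAIL_SERVER = "192.168.1.0/24", "192.168.1.10/32"
allow = Rule("allow-mail-server", MAIL_SERVER, MAIL_PORTS, PASS_NOW)
RULES = [Rule("block-mail-ports", LAN, MAIL_PORTS, BLOCK_UNLESS), allow]
# Same order, but the first rule blocks immediately: the server is cut off too.
TOO_STRICT = [Rule("block-mail-ports", LAN, MAIL_PORTS, BLOCK_NOW), allow]

if __name__ == "__main__":
    for ip, port in [("192.168.1.50", 25), ("192.168.1.10", 25),
                     ("192.168.1.50", 110), ("192.168.1.50", 443)]:
        print(ip, port, evaluate(RULES, ip, "tcp", port))
    print("too strict:", evaluate(TOO_STRICT, "192.168.1.10", "tcp", 25))
```

In this model a workstation's port 25 and 110 traffic is blocked, the mail server's passes, and other ports are untouched; swapping the first rule's action to an immediate block stops the mail server as well.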


Moderators: Sami