Netgate Discussion Forum

    Find a PC that is attacking an email server

    General pfSense Questions
      root2020

      I have been tasked to find a system on a LAN that is attacking an email server on the Internet. I am going to install a pfSense firewall on the LAN this coming week. What would be the best course of action to find this box from pfSense? Their ISP has already sent them a cease and desist and if this is not taken care of, they will shut the company's Internet off.

      Any help would be great

        cmb

        Probably a spam bot on something I'm guessing. Set up the LAN firewall rules to only permit SMTP from known legit mail servers, block all other SMTP with logging, check the firewall log.

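An added example, not part of cmb's post or of pfSense: a Python sketch of the "check the firewall log" step that tallies blocked outbound SMTP per LAN source address. It assumes the IPv4/TCP field order of pfSense's raw filterlog CSV format and a LAN interface named em1; the log lines are constructed samples.

```python
import collections
import re

# Constructed sample lines in the raw filterlog CSV layout (IPv4).
# Host name, interface, tracker IDs and addresses are made up for this example.
SAMPLE_LOG = """\
Feb  3 10:15:01 fw filterlog: 5,,,1000000103,em1,match,block,in,4,0x0,,64,4211,0,DF,6,tcp,60,192.168.1.57,203.0.113.25,49152,25,0,S,1111,,64240,,mss
Feb  3 10:15:02 fw filterlog: 5,,,1000000103,em1,match,block,in,4,0x0,,64,4212,0,DF,6,tcp,60,192.168.1.57,198.51.100.9,49153,25,0,S,2222,,64240,,mss
Feb  3 10:15:02 fw filterlog: 4,,,1000000102,em1,match,pass,in,4,0x0,,64,901,0,DF,6,tcp,60,192.168.1.10,203.0.113.25,50100,25,0,S,3333,,64240,,mss
Feb  3 10:15:03 fw filterlog[812]: 5,,,1000000103,em1,match,block,in,4,0x0,,64,4213,0,DF,6,tcp,60,192.168.1.57,192.0.2.77,49154,25,0,S,4444,,64240,,mss
Feb  3 10:15:04 fw filterlog: 9,,,1000000110,em1,match,block,in,4,0x0,,64,77,0,DF,17,udp,76,192.168.1.88,192.0.2.1,5353,5353,56
Feb  3 10:15:05 fw filterlog: 5,,,1000000103,em1,match,block,in,4,0x0,,64,310,0,DF,6,tcp,60,192.168.1.23,203.0.113.25,51000,25,0,S,5555,,64240,,mss
Feb  3 10:15:06 fw filterlog: truncated,line
"""

LINE_RE = re.compile(r"filterlog(?:\[\d+\])?: (.*)")  # syslog tag, optional PID


def blocked_smtp_sources(log_text, lan_if="em1", port="25"):
    """Map each LAN source IP to its blocked-SMTP hit count and destinations."""
    hosts = collections.defaultdict(lambda: {"hits": 0, "dests": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        f = m.group(1).split(",") if m else []
        # Need the IPv4 header plus TCP ports (index 21 = destination port).
        if len(f) < 22 or f[8] != "4" or f[16] != "tcp":
            continue
        iface, action, direction = f[4], f[6], f[7]
        src, dst, dport = f[18], f[19], f[21]
        # "in" on the LAN interface means traffic arriving from a LAN host.
        if (iface, action, direction, dport) == (lan_if, "block", "in", port):
            hosts[src]["hits"] += 1
            hosts[src]["dests"].add(dst)
    return dict(hosts)


def rank(hosts):
    """Noisiest sources first; ties broken by address."""
    return sorted(hosts.items(), key=lambda kv: (-kv[1]["hits"], kv[0]))


if __name__ == "__main__":
    for ip, info in rank(blocked_smtp_sources(SAMPLE_LOG)):
        print(f"{ip}: {info['hits']} blocked, {len(info['dests'])} destinations")
```

A host that hits the block rule repeatedly and toward many different destinations is the one to inspect first; the permitted mail server (192.168.1.10 in the sample) never shows up because its traffic matches the pass rule.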
          johnpoz LAYER 8 Global Moderator

          Putting in pfsense is always a good idea ;)

          But you sure don't need pfsense to track down the box attacking an outbound server?  Just a simple sniff of the outbound traffic will tell you which box it is.

          Very curious how you're tasked with this, when you seem lacking in understanding "how" even?


            dreamslacker

            @root2020:

            I have been tasked to find a system on a LAN that is attacking an email server on the Internet. I am going to install a pfSense firewall on the LAN this coming week. What would be the best course of action to find this box from pfSense? Their ISP has already sent them a cease and desist and if this is not taken care of, they will shut the company's Internet off.

            Any help would be great

            You might want to find out 'how' the server is being attacked.  Is it spam mail or DoS?  That will help you nail the culprit(s) down rather quickly with a proper firewall in place (pfSense or otherwise).
