This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

We got blacklisted by Spamhaus!

Hello all,

Today we got blacklisted by Spaumhaus. 

Our setup:

We have many companies sharing one big building and we have not "control" over all the companies but each and every one of the computers inside of the building will go through our Sophos UTM.

We are quite sure that one of the computers inside this building is infected by some sort of virus that is sending spam.

Is there a way to identify this computer by studying the Sophos UTM log-files?

Thanks for any help! :)



This thread was automatically locked due to age.
  • Agreed with Toni and Philipp about port 25, Kurt.  I've not tried it or seen it done, but you might be able to play with 'TCP SYN Flood Protection' packet rates and some Exceptions.  If you do experiment with that, please come back and let us know your results.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA