Hi guy,

we are having problem in our network related to spams and viruses.
the setup of our network is like this.
all of our clients are connected to out gateway which has Microsoft ISA server and goes out to our ISP, and we don't have any local mail server. our emails and website are managed by outside company. we only get to login to the CPanel where we can add/forward and manage our emails.

now the problem is happening every 2 or 3 days, our IP address gets blocked by the Email provider, where we can't send/receive any email.
Or it gets blocked by ISP where only sending stop working. (port 25)

now though our Antivirus is scanning our computers and deleted what ever it finds but still its not enough ( we are using Epolicy Orchestrator 4.5) from Mcafee which has antiSpam utility only for Exchange server.
I am responsible for this network and thinking of configuring Microsoft Exchange server and using the spam utility in McAfee to scan the emails
Or get a linux box and configure the mail server on it?
now my question is if i go with the linux box and configure Mail server on it will that help me getting rid of the spam and eventually our IP won't get blocked?
and if so how that would happen?

You got to get a more detailed report from your ISP, on what is blocking your email.
Installing another mail server does not look like a solution for you.
It may be a local computer, that is infected with something, that is for you to find out, as soon as your ISP tells you what's really going on.

Setting up a corporate mail server on Linux can be a major piece of work, and nothing you will want to do, unless you have to..

thanks for your reply,
the only detail we get that we are sending too many spams and our IP address is blocked on port no 25, the problems is we are not able to monitor the situation. its like we have no control over it. though we check the pcs on our network there are some viruses but even after they are cleaned out still we have the problem.
What i am trying to do these days is upgrade our windows to SP3 and install IE8 with all the security upgrades. hoping this might give us a good result..
i am open for any other suggestions...

thanks in advance.

There has been a couple of years since I used ISA server, but I remember that it has excellent logging/tracing facilities, so if all your traffic goes through that server, then there should be no problem to start a trace on the ISA server and find out which pc is sending the e-mails.
Just add some criteria like outgoing port 25 (or whatever port you are using to communicate with your external mail manager), and a look in the trace log will reveal any suspicious traffic.

I cannot help you with more details on tracing with ISA, but search for "isa server packet filtering" on google, and you should find some useful info.

From various threads around this forum, it sounds like you may be having an issue relating to mail relay. If you do a search for "mail relay", particularly in the Security forum, you should find some good tips as to how to track it down and fix it.

Because of this, I have moved this thread over to Linux-Security.