cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


2595
Views
5
Helpful
1
Replies
Beginner

ASA 5510 ACL for blocking outbound SMTP

hey everyone...i'm trying to configure a simple ACL to block smtp traffic from leaving my LAN -- basically prevent internal users from setting up internet email accounts in their email clients and sending through that smtp server. i want my Exchange server only to send smtp traffic. here's what i have:

access-list 102 extended permit tcp host 10.10.1.29 eq smtp any eq smtp <===10.10.1.29 is Exchange

access-list 102 extended deny tcp any eq smtp any eq smtp

access-list 102 extended permit ip any any

access-group 102 in interface inside

after i apply this ACL to the ASA, i am still able to send from my internet email address setup in Outlook using my "foreign" smtp server. what am i missing? Thanks very much.

Everyone's tags (2)
1 REPLY 1
VIP Mentor

Re: ASA 5510 ACL for blocking outbound SMTP

many email-clients send mail through port tcp/587 which is used for SMTP with authentication. You need to block that as well.

And your ACL is wrong. It has to be that:

access-list 102 extended permit tcp host 10.10.1.29 any eq smtp
access-list 102 extended deny tcp any any eq smtp
access-list 102 extended deny tcp any any eq 587
access-list 102 extended permit ip any any


Sent from Cisco Technical Support iPad App