05-14-2005 07:23 AM
I want to block all smtp traffic from my customers except for packets destined for my mail server and my mail server only. I would like to do this at the edge and not at the core. I put in the following ACL, but it blocked all smtp traffic.
access-list 115 permit tcp any eq smtp 192.168.0.0 0.0.0.255
access-list 115 deny tcp any eq smtp any
access-list 115 permit ip any any
The reason that I want to do this is to cut down on spam reports to my upstream provider.
Any help would be appreciated.
05-15-2005 05:41 AM
access-list 110 permit tcp [customer subnet] [mask] host [your mail server] eq smtp
access-list 110 deny tcp any any eq smtp
access-list 110 permit ip any any
Example:
access-list 110 permit tcp 192.168.0.0 0.0.0.255 host 172.160.1 eq smtp
Ensure you apply the rule in the proper direction.
HTH
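An added example, not part of the thread: a simplified first-match model in Python of ACL 115 from the question and ACL 110 from the reply, showing that `eq smtp` written after the source address is compared with the packet's source port. The customer subnet 10.1.1.0/24, the mail server 192.168.0.25, the outside host 203.0.113.9 and all packets are constructed assumptions; only addresses and TCP ports are modelled.

```python
from ipaddress import ip_address, ip_network

SMTP = 25
ANY = ip_network("0.0.0.0/0")
NET_192 = ip_network("192.168.0.0/24")    # network named in ACL 115
CUSTOMERS = ip_network("10.1.1.0/24")     # constructed customer subnet (assumption)
MAIL = ip_network("192.168.0.25/32")      # constructed mail server address (assumption)

# Rule = (action, src_net, src_port, dst_net, dst_port); a port of None means any.
# ACL 115 from the question: "eq smtp" follows the source address, so it
# is compared with the packet's SOURCE port.
ACL_115 = [
    ("permit", ANY, SMTP, NET_192, None),
    ("deny", ANY, SMTP, ANY, None),
    ("permit", ANY, None, ANY, None),
]
# ACL 110 from the reply: "eq smtp" follows the destination address, so it
# is compared with the packet's DESTINATION port.
ACL_110 = [
    ("permit", CUSTOMERS, None, MAIL, SMTP),
    ("deny", ANY, None, ANY, SMTP),
    ("permit", ANY, None, ANY, None),
]

# Constructed TCP packets: (label, src, src_port, dst, dst_port)
PACKETS = [
    ("customer -> mail server", "10.1.1.50", 40000, "192.168.0.25", 25),
    ("customer -> outside MTA", "10.1.1.50", 40001, "203.0.113.9", 25),
    ("mail server -> customer (reply)", "192.168.0.25", 25, "10.1.1.50", 40000),
]

def evaluate(acl, src, sport, dst, dport):
    """Return the action of the first matching rule (implicit deny at the end)."""
    for action, src_net, r_sport, dst_net, r_dport in acl:
        if (ip_address(src) in src_net and r_sport in (None, sport)
                and ip_address(dst) in dst_net and r_dport in (None, dport)):
            return action
    return "deny"

def verdicts(acl):
    """Evaluate every sample packet against one ACL, in PACKETS order."""
    return [evaluate(acl, *pkt[1:]) for pkt in PACKETS]

if __name__ == "__main__":
    for name, acl in (("ACL 115", ACL_115), ("ACL 110", ACL_110)):
        for (label, *_), verdict in zip(PACKETS, verdicts(acl)):
            print(f"{name}: {label:32} {verdict}")
```

In this model ACL 115 never tests the destination port, so customer mail to an outside server is permitted while the server's reply from port 25 is denied; ACL 110 permits only the customer-to-mail-server session on port 25.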
06-27-2005 12:34 AM
This is what I am running on my PIX:
access-list inside_access_out permit tcp host
access-list inside_access_out deny tcp any any eq smtp
Pretty much what it does is block all mail outbound to the internet except from the mail server. I use this rule to deny any virus outbreak that installs a local mail engine and spams away; this way it will show up on my syslog, and I know immediately which workstation is infected. And no mail is sent out of the network unless it goes through the allowed IP.
Hope this helps.
Trevor