07-16-2004 12:41 PM - edited 02-20-2020 11:30 PM
That pretty much sums it up. Can a PIX be set up to monitor all port 25 traffic and then delete any emails that are spam?
07-16-2004 04:04 PM
I don't think the PIX by default can do that. I could not find it either in the IDS signatures available for PIX. There is such a thing in ROUTER IDS though.
Thanks
Nadeem
07-19-2004 10:35 AM
The closest you can get to doing that on the PIX at the moment is blocking IP addresses of known SPAM senders.
07-31-2004 02:50 PM
I'm attempting to block spammers by entering their IP addresses in the deny statements of the PIX506 firewall. This is a monumental task! I have several large customers (1000 employees +) with kinda the same setup (PIX / Exchange Server). I don't want to force all of the customers to purchase YET ANOTHER PIECE OF COMPUTER GEAR to filter spam. I think that is why they bought the high end firewall. My technique has been to monitor the incoming email traffic with Microsoft's NetMon (SMS version), with a capture filter designed to filter on the initial mail transfer message. Periodically, I stop the capture and run a NetMon "Expert" to show the top 50 users (the top email senders). I then look through the top ten or so (they usually REALLY stand out) to ensure it is spam .... then add the captured addresses to the firewall. We have an Access database the IP addresses are entered into, which in turn produces a report in the IOS deny format that we merge with the IOS's of other Firewalls.
Cumbersome I know ..... but until I find something better ?????
Here is my problem: 1) I would like a firewall / router appliance that supports uploading a deny list via some type of delimited file of IP addresses.
2) Some of the SPAMMERS still get through, even if on the Deny list ..... I'm totally stumped on how this can happen.
Bill Robinson
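The delimited-file-to-deny-list step described in the post above, as an added example that is not part of the original thread: it validates and de-duplicates the entries, collapses overlapping ranges, and emits PIX `access-list` deny lines for SMTP. The ACL name `outside_in`, the `MIN_PREFIX` guard and all sample addresses are assumptions made for illustration.

```python
import ipaddress

ACL_NAME = "outside_in"   # assumed name of the ACL bound to the outside interface
MIN_PREFIX = 16           # assumed guard: refuse entries broader than a /16

# Constructed sample input (documentation address ranges), mixed delimiters.
SAMPLE = """\
192.0.2.4, 192.0.2.5
198.51.100.0/24; 198.51.100.17
203.0.113.9   # constructed entry with a trailing comment
192.0.2.4
not-an-ip, 10.0.0.0/8
"""

def load_sources(text):
    """Parse comma/semicolon/whitespace-delimited IPv4 hosts or CIDR blocks.

    Returns (networks, rejected). Entries that do not parse, have host bits
    set, or are broader than MIN_PREFIX are rejected rather than guessed at.
    """
    networks, rejected = [], []
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # drop trailing comments
        for token in line.replace(",", " ").replace(";", " ").split():
            try:
                net = ipaddress.IPv4Network(token, strict=True)
            except ValueError:
                rejected.append(token)
                continue
            if net.prefixlen < MIN_PREFIX:
                rejected.append(token)        # too broad to block blindly
            else:
                networks.append(net)
    return networks, rejected

def pix_deny_lines(networks, acl=ACL_NAME):
    """Collapse duplicates and covered ranges, then emit one deny line each."""
    lines = []
    for net in ipaddress.collapse_addresses(set(networks)):
        if net.prefixlen == 32:
            src = f"host {net.network_address}"
        else:
            # PIX ACLs take a subnet mask, not an IOS-style wildcard mask.
            src = f"{net.network_address} {net.netmask}"
        lines.append(f"access-list {acl} deny tcp {src} any eq smtp")
    return lines

if __name__ == "__main__":
    nets, bad = load_sources(SAMPLE)
    print("\n".join(pix_deny_lines(nets)))
    print("rejected:", bad)
```

Because ACL entries are evaluated in order, the generated deny lines only take effect if they sit above the entry that permits SMTP to the mail server.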
07-31-2004 08:23 PM
Personally I don't think you can fight spammers via firewall or in fact even with IDS. There are (hopefully) add-ins available for MS Exchange Server to filter out SPAM. You can also think of configuring an SMTP filter/relay to filter the traffic before it even hits the MS Exchange.
Additionally, the 506 is not a high end firewall (this feature has nothing to do with high end or low end firewalls).
If you have the IOS FW feature set on your edge router (assuming it is Cisco), then you can enable IDS, which has the capability to block SPAM.
Trying to answer your question, the dynamic ACL is done via Cisco IDS. Cisco IDS can dynamically add ACL entries into router/PIX. Not sure if there is any other 3rd party tool available out there. But again, modifying ACL on the PIX is not a solution for SPAM.