SMTP Access Rule includes what port(s)?

smiths@prpa.org
Level 1

Hi Everyone,

Do the ASA's access rules for SMTP filtering include all SMTP ports used, or just port 25?

For example, I know Exchange uses 25, 587, 2525, 465 and 475 depending upon server role and function. Ports 25 and 587 for server and client connectivity, and 25 or 2525 and 465 on the Mailbox role for accepting internal SMTP connections. So if I wanted to prevent every host, except our Exchange server, from being able to send mail out of our network, would I have to explicitly deny these additional ports, or would it be sufficient to deny TCP/SMTP on the ASA?

Steve

1 Reply

If you deny tcp/smtp, only port 25 is blocked. The protocol-names that you see in the ACLs are just a placeholder for the typical ports.

If you want to restrict your clients from sending mail, you need to block all relevant ports. Or even better, follow a restrictive approach where you deny everything and only open the ports that are really needed.


Sent from Cisco Technical Support iPad App
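
The two approaches from the reply, next to the port-25-only rule from the question, as an added configuration example that is not part of the original thread. The address 192.0.2.25 (standing in for the Exchange server), the interface name `inside`, the ACL and object-group names, and the web/DNS permits in the restrictive variant are all assumptions.

```cisco
! Constructed example: 192.0.2.25 stands in for the Exchange server and
! "inside" for the client-facing interface. Names are placeholders.

! Weak: "smtp" is only the keyword for TCP 25, so clients can still
! reach outside mail servers on 465, 475, 587 and 2525.
access-list INSIDE_WEAK extended permit tcp host 192.0.2.25 any eq smtp
access-list INSIDE_WEAK extended deny tcp any any eq smtp
access-list INSIDE_WEAK extended permit ip any any

! Option 1: deny every mail port listed in the question.
object-group service MAIL_PORTS tcp
 port-object eq smtp
 port-object eq 465
 port-object eq 475
 port-object eq 587
 port-object eq 2525
access-list INSIDE_MAIL extended permit tcp host 192.0.2.25 any eq smtp
access-list INSIDE_MAIL extended deny tcp any any object-group MAIL_PORTS
access-list INSIDE_MAIL extended permit ip any any

! Option 2 (restrictive): permit only what is needed. Everything else,
! including mail ports not listed anywhere, hits the implicit deny.
! The www/https/domain permits are assumed examples of "needed" traffic.
access-list INSIDE_STRICT extended permit tcp host 192.0.2.25 any eq smtp
access-list INSIDE_STRICT extended permit tcp any any eq www
access-list INSIDE_STRICT extended permit tcp any any eq https
access-list INSIDE_STRICT extended permit udp any any eq domain

! Apply one ACL inbound on the client-facing interface.
access-group INSIDE_STRICT in interface inside
```

After applying an ACL, `show access-list INSIDE_STRICT` displays per-entry hit counts, which shows whether clients are still attempting outbound mail connections.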
