How to allow outgoing SMTP from only ONE address?

harald.pedersen
Level 1

What's the best way to prevent the other inside addresses from sending SMTP through our firewall? I don't trust all the computers on the inside, so I have to do this...

I have one mail server, and only that one should be allowed to send mail to the internet...

I have a PIX 515 sw 6.3

3 Replies

jmia
Level 7

Hi Harald -

You could try creating ACLs for the inside host that you don't want to use smtp and applying the ACL on the inside interface, i.e.

> access-list inside deny tcp host <untrusted-host-ip> any eq smtp

> access-list inside permit ip any any

- now apply this to the inside interface -

> access-group inside in interface inside

Do 'wr m' (write memory) and test to see if your selected hosts can or can not use smtp.

Hope this helps -

msitzman
Cisco Employee

Of course, you need to first permit the access from the one smtp host that you want to be able to send the traffic outbound like this

access-list inside_int permit tcp host <mail-server-ip> any eq smtp

access-list inside_int deny tcp any any eq smtp

access-list inside_int permit ip any any

access-group inside_int in interface inside

Marcus

jmia
Level 7

Hi Harald -

The post from Marcus is correct in that you will require one host access to smtp and denying others, but I was just answering your question in denying individual host IPs, as you mentioned that you do not trust certain computers on the inside. Also remember that if you are assigning DHCP IPs to the hosts then you'll encounter problems with the denied ACL hosts, so static IPs will work best.

Hope this helps -
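
Added example, not code from any of the posters: a small Python evaluator for a subset of PIX `access-list` syntax that shows how first-match ordering treats the two approaches in this thread, including the DHCP caveat. The IP addresses are constructed sample values and the function names are hypothetical.

```python
# Added example: first-match evaluation of PIX-style access-list lines.
# Subset only: permit/deny, tcp/ip, "host <ip>" or "any", optional "eq <port>".
# All IP addresses below are constructed sample values.
PORTS = {"smtp": 25, "www": 80}

ALLOWLIST = """
access-list inside_int permit tcp host 192.168.1.10 any eq smtp
access-list inside_int deny tcp any any eq smtp
access-list inside_int permit ip any any
"""
DENYLIST = """
access-list inside deny tcp host 192.168.1.50 any eq smtp
access-list inside permit ip any any
"""

def parse_addr(tokens):
    """Consume 'any' or 'host <ip>' from the token list; None means any."""
    word = tokens.pop(0)
    if word == "any":
        return None
    if word == "host":
        return tokens.pop(0)
    raise ValueError(f"unsupported address form: {word}")

def parse_acl(text):
    """Turn access-list lines into ordered (action, proto, src, dst, port) rules."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        src, dst = parse_addr(rest), parse_addr(rest)
        port = None
        if rest and rest[0] == "eq":
            port = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport):
    """Return the action of the first matching rule, top to bottom."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("ip", proto) and r_src in (None, src)
                and r_dst in (None, dst) and r_port in (None, dport)):
            return action
    return "deny"  # implicit deny when no rule matches

if __name__ == "__main__":
    for name, acl in (("allowlist", ALLOWLIST), ("denylist", DENYLIST)):
        for src in ("192.168.1.10", "192.168.1.50", "192.168.1.51"):
            print(name, src, evaluate(parse_acl(acl), "tcp", src, "203.0.113.5", 25))
```

With the per-host deny list, the untrusted machine is only blocked while it keeps 192.168.1.50; once it holds a different lease (192.168.1.51 here) its SMTP traffic falls through to `permit ip any any`, whereas the permit-one-then-deny ordering blocks every source except the mail server.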