06-09-2009 06:38 PM - edited 03-06-2019 06:10 AM
I have a Cisco ASA 5505 in place at a client, and I've got a PC on the network infected with a spambot sending spam. I need to block port 25 to all PCs on the network EXCEPT for the Exchange server. I created an outbound ACL rule on the outside interface to first permit SMTP traffic for my Exchange server and then created a rule to deny SMTP traffic from source ALL. This is not working, as all systems are still able to use port 25 regardless of the order the rules are listed. Am I missing something? Please help.
06-09-2009 07:09 PM
Kevin
Could you clarify what it is you are trying to do, i.e.
"need to block port 25 to all PCs on the network EXCEPT for the Exchange server."
This suggests you want to block any outside device connecting to your internal PCs on port 25.
"I created an outbound ACL rule on the outside interface to first permit SMTP traffic for my Exchange server and then created a rule to deny SMTP traffic from source ALL."
This suggests you want to stop all your internal PCs connecting to outside devices on port 25.
Which one are you trying to do?
Jon
06-10-2009 05:35 AM
I am trying to stop all internal PCs from connecting to outside devices on port 25, except for the Exchange server. There is a bot on one of the PCs on the network, and I don't know which one. I want to deny access to the port outbound for the desktops, and leave it open for the Exchange server only.
06-09-2009 07:35 PM
This is an example of what you will have to do. I am using this for one of my customers, where I ran into the same problem.
access-list 101 extended permit tcp host 192.168.240.10 any eq smtp
access-list 101 extended deny tcp 192.168.240.0 255.255.255.0 any eq smtp
access-list 101 extended permit ip any any
access-group 101 in interface inside
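To make the first-match behaviour of that ACL visible, here is an added example (my own code, not part of the thread or of Cisco's tooling): a small evaluator that parses the three access-list lines above and decides, for a given flow entering the inside interface, which entry matches first. The desktop address 192.168.240.55 and the outside mail server 203.0.113.5 are constructed for the demonstration; 192.168.240.10 is the Exchange host from the reply.

```python
import ipaddress
from typing import List, Optional, Tuple

# The three ACL entries from the reply above, in ASA syntax.
ACL_101 = """
access-list 101 extended permit tcp host 192.168.240.10 any eq smtp
access-list 101 extended deny tcp 192.168.240.0 255.255.255.0 any eq smtp
access-list 101 extended permit ip any any
"""

PORT_NAMES = {"smtp": 25, "www": 80, "https": 443}

def parse_addr(tokens: List[str], i: int) -> Tuple[ipaddress.IPv4Network, int]:
    """Consume one ASA address spec (any | host A | A MASK) at tokens[i]."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    # ASA ACLs take a real subnet mask, not an IOS-style wildcard mask.
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2

def parse_acl(text: str) -> List[Tuple[str, str, ipaddress.IPv4Network,
                                       ipaddress.IPv4Network, Optional[int]]]:
    rules = []
    for line in text.strip().splitlines():
        t = line.split()
        # access-list <name> extended <action> <proto> <src> <dst> [eq <port>]
        action, proto = t[3], t[4]
        src, i = parse_addr(t, 5)
        dst, i = parse_addr(t, i)
        port = None
        if i < len(t) and t[i] == "eq":
            port = PORT_NAMES[t[i + 1]] if t[i + 1] in PORT_NAMES else int(t[i + 1])
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, src_ip: str, dst_ip: str, proto: str, dst_port: int) -> str:
    """First matching entry wins; an ASA ACL ends with an implicit deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, rproto, rsrc, rdst, rport in rules:
        if rproto not in ("ip", proto):
            continue
        if s in rsrc and d in rdst and (rport is None or rport == dst_port):
            return action
    return "deny"

RULES = parse_acl(ACL_101)

if __name__ == "__main__":
    for host in ("192.168.240.10", "192.168.240.55"):
        print(host, "-> 203.0.113.5:25", evaluate(RULES, host, "203.0.113.5", "tcp", 25))
```

Swapping the first two entries makes the Exchange host hit the subnet deny before its own permit, which is why entry order matters as much as the interface and direction the ACL is applied to.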