cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3322
Views
0
Helpful
4
Replies

Deny all traffic except port 80 and 443 (https://mail.domain.com/)

Attiq
Level 1
Level 1

Hello Experts,,

our company has spam email problem. users getting spam from external. basically we are getting smtp traffic from two ways. below is the traffic flow.

1) smtp relay agent (smtp filtration) ==> exchange server ==> user mailbox

2) directly exchange server ==> users mailbox 

you're thinking, its not related at this forum but i have to configure ACLs to control this flow. the 1st direction is working fine even detecting and rejecting the spam. 

but the problem in 2nd flow because exchange server configured auto discovery (SSL Certificate handshake) with remote/mobile users and this way we're getting spam because all the traffic is allowed. i'm trying to configure ACL to deny all other traffic expect port 80 and 443 for SSL certificate.

ACL 101

deny ip any host (exchange server ip)

permit tcp any host (exchange server ip) eq 80

permit tcp any host (exchange server ip) eq 443

apply router 800 interface 

ip access-group 101 in

please share your suggestions .

1 Accepted Solution

Accepted Solutions

Philip D'Ath
VIP Alumni
VIP Alumni

Wrong order.

ACL 101

permit tcp any host (exchange server ip) eq 80

permit tcp any host (exchange server ip) eq 443

deny ip any host (exchange server ip)

apply router 800 interface 

ip access-group 101 in

View solution in original post

4 Replies 4

Philip D'Ath
VIP Alumni
VIP Alumni

Wrong order.

ACL 101

permit tcp any host (exchange server ip) eq 80

permit tcp any host (exchange server ip) eq 443

deny ip any host (exchange server ip)

apply router 800 interface 

ip access-group 101 in

@Philip

thanks for reply

what will be correct order. 

The order that I supplied in my post/reply ...

Thanks @Philip

i'll try this and update later. 

Review Cisco Networking for a $25 gift card