Locking down SMTP port to accept only from an external IP range to exchange server

SAM KAWTHARANI
Level 1

Hi

My client has a UC560 and they are implementing an Exchange server which is pointed to an externally hosted spam filtering company (McAfee). The client wants only his server to accept mail from the hosted source, for which they have provided a range of IPs (208.65.144.0/21 and 208.81.64.0/22).

As an interim I have opened port 25 to any any (ip nat inside source static tcp xxx.xxx.xxx.xxx 25 interface GigabitEthernet0/0 25) and added to the outside ACL the following statement (access-list 104 permit tcp any host 119.xxx.xxx.xxx eq smtp log).

Your assistance would be appreciated.

2 Replies

Ryan-Kramer
Level 1

- Your NAT statement will stay the same

- Remove permit tcp any host 119.xxx.xxx.xxx eq smtp log from access-list 104

access-list 104 permit tcp 208.65.144.0 0.0.7.255 host 119.x.x.x eq 25 log
access-list 104 permit tcp 208.81.64.0 0.0.3.255 host 119.x.x.x eq 25 log

Where 119.x.x.x is your inside global address.
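
The CIDR-to-wildcard conversion behind the two ACL lines above, as an added example that is not part of the original reply: it renders the entries from the two McAfee ranges and checks which source addresses each ACL would let through. 203.0.113.10 is a placeholder for the redacted 119.x.x.x address, and the sample source addresses are constructed.

```python
import ipaddress

DEST = "203.0.113.10"  # placeholder for the redacted inside global address (119.x.x.x)
RANGES = ["208.65.144.0/21", "208.81.64.0/22"]  # ranges given in the question

def acl_entry(cidr, dest=DEST, acl=104, port=25):
    """Render one extended-ACL permit line for a CIDR source range."""
    net = ipaddress.ip_network(cidr, strict=True)  # raises if host bits are set
    # hostmask is the inverted netmask, i.e. the IOS wildcard mask
    return (f"access-list {acl} permit tcp {net.network_address} "
            f"{net.hostmask} host {dest} eq {port} log")

def parse_source(line):
    """Return (base, wildcard) for the source field of a 'permit tcp' line."""
    tok = line.split()
    i = tok.index("tcp") + 1
    if tok[i] == "any":
        return "0.0.0.0", "255.255.255.255"
    if tok[i] == "host":
        return tok[i + 1], "0.0.0.0"
    return tok[i], tok[i + 1]

def wildcard_match(addr, base, wildcard):
    """Wildcard semantics: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def permitted(acl_lines, src):
    """True if any permit line matches src; otherwise the implicit deny applies.
    Only the source field is evaluated (all lines here share dest and port)."""
    return any(wildcard_match(src, *parse_source(l))
               for l in acl_lines if " permit tcp " in l)

# The interim rule from the question and the restricted replacement.
INTERIM_ACL = [f"access-list 104 permit tcp any host {DEST} eq smtp log"]
LOCKED_ACL = [acl_entry(c) for c in RANGES]

if __name__ == "__main__":
    print("\n".join(LOCKED_ACL))
    # Constructed source addresses: range edges plus one unrelated host.
    for src in ["208.65.144.1", "208.65.151.255", "208.65.152.1",
                "208.81.67.200", "208.81.68.1", "198.51.100.7"]:
        print(f"{src:16} interim={permitted(INTERIM_ACL, src)} "
              f"locked={permitted(LOCKED_ACL, src)}")
```
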

Thanks Ryan for the reply, I will check it today