Blocking outbound SMTP on PIX 515 -Ver 6.3.(4)

fortis123
Level 1

One of my clients received emails from their ISP saying that SPAM email was generated from their network with the PIX outside IP. We want to disable outbound SMTP (port 25) on the firewall so that the emails will be stopped. The PIX config has 'no fixup protocol smtp 25'.

Is there any way I can use the fixup to block outbound SMTP (without impacting any other services),

or do I need to create an ACL for port 25 and apply it on the inside interface..?

TIA

MS

10 Replies

Collin Clark
VIP Alumni

You need to create an ACL and apply it to the inside interface.

Thank you...

So.. below config is enough or any additional lines needed?

*********************************

access-list BLOCKSMTP extended deny tcp 192.168.x.x 255.255.0.0 any eq 25

access-list BLOCKSMTP extended permit ip any any

access-group BLOCKSMTP in interface INSIDE

*********************************

Thanks again

MS

Looks good. You don't have an email server inside correct?

Correct. Not at this location. The other location's server does not use this Internet connection for any outbound SMTP communication.

Thanks

MS

Slight correction to the ACL... the 'extended' keyword is not supported on 6.3(4).

Question.. I want to enable 'log' on the ACL to see what the source is. It may be hard to tell, but will there be any perf. impact on the PIX, as it has to inspect every packet against the ACL..?

TIA

MS

It will already inspect every packet with the ACL. Now it will just log an entry which has low overhead.

The SPAM stopped, but I am unable to find the source IP. I tried port 25 to the Internet from a known PC; the hit count in the ACL increases, but the PIX is not logging anything about the source (internal PC) in the buffer or syslog. I observed a few messages in the PIX log that the deny flow-max is reached (1024).. it is not letting me increase the count. Is there any way I can find the source address (tried with no avail by changing logging buffered to informational) without placing a sniffer..?

ACL on PIX:

*****************************************

access-list BLOCKSMTP extended deny tcp any any eq 25 log 7 interval 600

access-list BLOCKSMTP extended permit ip any any

access-group BLOCKSMTP in interface INSIDE

*****************************************

TIA

MS

Check this link-

https://packetpros.com/images/asa_logging.GIF

You will have to have your buffer logging to Information or higher to see the ACL logging.

Thanks again Collin. It worked with the 'debugging' level enabled.

MS
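The reason the buffer stayed empty at 'informational' is that an ACE written with 'log 7' emits its 106100 messages at severity 7, so a buffer set to level 6 drops them. The script below is an added example, not from this thread or from Cisco: it mimics the 'logging buffered <level>' filter and then totals denied port-25 hits per inside source from 106100 lines, using constructed sample messages in the documented 106100 format (addresses and counts are made up).

```python
import re
from collections import Counter

# Constructed sample PIX messages (not real traffic). The ACL lines are severity 7
# because the ACE used "log 7"; the last line is an unrelated level-6 message.
SAMPLE_LOG = """\
%PIX-7-106100: access-list BLOCKSMTP denied tcp INSIDE/192.168.10.25(1051) -> outside/203.0.113.9(25) hit-cnt 38 600-second interval
%PIX-7-106100: access-list BLOCKSMTP denied tcp INSIDE/192.168.10.25(1103) -> outside/198.51.100.4(25) hit-cnt 12 600-second interval
%PIX-7-106100: access-list BLOCKSMTP denied tcp INSIDE/192.168.20.7(2231) -> outside/203.0.113.9(25) hit-cnt 1 first hit
%PIX-6-302013: Built outbound TCP connection 4711 for outside:203.0.113.9/80 (203.0.113.9/80) to INSIDE:192.168.20.7/1999 (192.168.20.7/1999)
"""

# Severity names as "logging buffered <level>" accepts them (0 = most severe).
LEVELS = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
          "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

SEV_RE = re.compile(r"^%PIX-(\d)-(\d{6}):")
ACL_RE = re.compile(
    r"%PIX-\d-106100: access-list (\S+) (permitted|denied) (\w+) "
    r"(\S+)/(\d+\.\d+\.\d+\.\d+)\((\d+)\) -> (\S+)/(\d+\.\d+\.\d+\.\d+)\((\d+)\) hit-cnt (\d+)")

def buffered(lines, level):
    """Mimic 'logging buffered <level>': keep messages at that severity or more severe."""
    keep = []
    for line in lines:
        m = SEV_RE.match(line)
        if m and int(m.group(1)) <= LEVELS[level]:
            keep.append(line)
    return keep

def smtp_sources(lines, acl="BLOCKSMTP", port=25):
    """Sum hit counts per inside source address for connections denied to the given port."""
    hits = Counter()
    for line in lines:
        m = ACL_RE.match(line)
        if m and m.group(1) == acl and m.group(2) == "denied" and int(m.group(9)) == port:
            hits[m.group(5)] += int(m.group(10))
    return hits

def top_sources(log_text, level):
    """Sources visible in the buffer at the given logging level, busiest first."""
    visible = buffered(log_text.splitlines(), level)
    return smtp_sources(visible).most_common()

if __name__ == "__main__":
    for lvl in ("informational", "debugging"):
        print(lvl, top_sources(SAMPLE_LOG, lvl))   # informational -> []
```

Running it shows nothing at 'informational' and the per-host hit totals at 'debugging', which is exactly the difference observed in the thread.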