Allow a Range of external SMTP Hosts

 
 
Ferret
      05-24-2005
Hi,

We have recently introduced an external email filtering service and I
would like to block all inbound SMTP connections except for a list of
nominated hosts.

I have a Cisco 837 and at the moment all inbound port 25 connections
are forwarded to our internal SMTP server (Exchange 5.5).

The problem is that there are some spammers still around that are not
using the DNS MX record, but the public IP address of our router.

Any suggestions would be appreciated.

Thanks

 
Garrick
      05-24-2005
Try using access lists. If you need help configuring them, please post
a sanitized (no real IPs or passwords) version of your 'show run' and
I'm sure someone will be glad to give you some suggestions. Without
knowing how your current access lists (if any) are configured, I can't
give you too much more information than that.

Garrick

 
DaZZa
      05-24-2005
Ferret mumbled:
> Hi,
>
> We have recently introduced an external email filtering service and I
> would like to block all inbound SMTP connections except for a list of
> nominated hosts.
>
> I have a Cisco 837 and at the moment all inbound port 25 connections
> are forwarded to our internal SMTP server (Exchange 5.5).
>
> The problem is that there are some spammers still around that are not
> using the DNS MX record, but the public IP address of our router.
>
> Any suggestions would be appreciated.


Apply an access list on your inbound interface.

Something like this should work

access-list 102 permit tcp host <allowed_source_ip> host <destination_ip> eq 25
access-list 102 permit tcp host <allowed_source> host <destination_ip> eq 25
access-list 102 deny tcp any any eq 25
access-list 102 permit ip any any

You'll need to check into the command reference for the exact syntax -
I'm a little rusty - but then simply apply that to the inbound traffic
on your external interface by doing

interface <interface>
 ! access-class applies to vty lines; an interface takes ip access-group
 ip access-group 102 in

That should stop anything but the list of allowed hosts (you can put
more than two, but remember, the longer the list, the harder the router
has to work to process it) from connecting to your destination host, and
only your destination host, on port 25 without blocking any other IP
traffic at all.

DaZZa

--
A rule for life.
echo 16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D4D465452snlb xq |dc
Address in header is spamblocked. ROT13 the following for email replies

 
Ferret
      05-24-2005
Hi, thanks for the post.

I have tried the following.

On the dialer interface I added
no ip access-group 111 in

and then added the access list as follows:

access-list 111 permit tcp host <external 1> host <internal Smtp> eq 25
access-list 111 permit tcp host <external 2> host <internal Smtp> eq 25
access-list 111 permit tcp host <external 3> host <internal Smtp> eq 25
access-list 111 permit tcp host <external 4> host <internal Smtp> eq 25
access-list 111 permit tcp host <external 5> host <internal Smtp> eq 25
access-list 111 permit tcp host <external 6> host <internal Smtp> eq 25
access-list 111 deny tcp any any eq 25

However, I only receive mail from the first listed host?????

Any assistance would be appreciated..

 
Ferret
      05-24-2005
Oops, I should have said:
on the dialer interface
ip access-group 111 in
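
Added example (not part of the thread and not either poster's code): a small Python evaluator for the ACL shapes posted above, showing first-match order, the implicit deny that ends every IOS access list, and wildcard-mask sources for allowing a range. The addresses are constructed from documentation ranges, and the parser is an illustration that covers only the `permit|deny tcp|ip SRC DST [eq PORT]` forms used in this thread.

```python
import ipaddress

# Constructed sample data: documentation-range addresses replace the thread's placeholders.
SMTP_ONLY = """\
access-list 102 permit tcp host 192.0.2.10 host 203.0.113.5 eq 25
access-list 102 permit tcp host 192.0.2.11 host 203.0.113.5 eq 25
access-list 102 deny tcp any any eq 25
"""
WITH_FINAL_PERMIT = SMTP_ONLY + "access-list 102 permit ip any any\n"

def _spec(tok, i):
    """Parse one address spec at tok[i]; return (matcher, index of next token)."""
    if tok[i] == "any":
        return (lambda ip: True), i + 1
    if tok[i] == "host":
        want = ipaddress.ip_address(tok[i + 1])
        return (lambda ip: ip == want), i + 2
    base, wild = (int(ipaddress.ip_address(t)) for t in tok[i:i + 2])
    # Wildcard mask: a 1 bit means "ignore this bit" (the inverse of a netmask).
    return (lambda ip: (int(ip) | wild) == (base | wild)), i + 2

def parse_acl(text):
    """Parse 'access-list N permit|deny tcp|ip SRC DST [eq PORT]' lines, keeping order."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        src, i = _spec(tok, 4)
        dst, i = _spec(tok, i)
        port = int(tok[i + 1]) if tok[i:i + 1] == ["eq"] else None
        entries.append((tok[2], tok[3], src, dst, port))
    return entries

def evaluate(entries, proto, src, dst, dport=None):
    """First matching entry decides; nothing matching means the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, e_proto, e_src, e_dst, e_port in entries:
        if e_proto not in ("ip", proto):
            continue
        if e_src(s) and e_dst(d) and (e_port is None or e_port == dport):
            return action
    return "implicit deny"

if __name__ == "__main__":
    packets = [("tcp", "192.0.2.11", "203.0.113.5", 25),    # second filtering host
               ("tcp", "198.51.100.7", "203.0.113.5", 25),  # unlisted sender
               ("tcp", "198.51.100.7", "203.0.113.5", 80)]  # non-SMTP traffic
    for name, text in (("SMTP_ONLY", SMTP_ONLY), ("WITH_FINAL_PERMIT", WITH_FINAL_PERMIT)):
        for p in packets:
            print(name, p, "->", evaluate(parse_acl(text), *p))
```

On IOS, an inbound ACL on the outside interface is checked before NAT rewrites the destination, so the destination in each entry is the address the packet carries on arrival.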

 