Velocity Reviews - Computer Hardware Reviews

Deny all outgoing smtp attempts except for mail server

drhopkins@cox.net (Guest), 03-22-2006
We have a pix 501, 6.3(1), using NAT to allow Internet access for all
users. We have an infected computer on our network sending mail, but
cannot locate the machine. We would like to create an access list on
the pix denying all outbound attempts on port 25 except for our
legitimate e-mail server (192.168.1.9), then check the logs for the
rogue machine making attempts to send mail.

The access-list rule is as follows:
access-list inside_out_smtp deny tcp any any eq smtp
access-list inside_out_smtp permit tcp 192.168.1.9 any eq smtp
access-group inside_out_smtp in interface inside

Our problem:
Once this rule is applied, all outbound Internet traffic stops. I feel
that I am close, but must be missing something or might have something
out of order in the configuration. Any help or suggestions are
appreciated. Thank you for your time, David.

Christoph Gartmann (Guest), 03-22-2006
In article <(E-Mail Removed)>, (E-Mail Removed) writes:
>We have a pix 501, 6.3(1), using NAT to allow Internet access for all
>users. We have an infected computer on our network sending mail, but
>cannot locate the machine. We would like to create an access list on
>the pix denying all outbound attempts on port 25 except for our
>legitimate e-mail server (192.168.1.9), then check the logs for the
>rogue machine making attempts to send mail.
>
>The access-list rule is as follows:
>access-list inside_out_smtp deny tcp any any eq smtp
>access-list inside_out_smtp permit tcp 192.168.1.9 any eq smtp


First, you need to change the order of the two statements. The permit line
should be first, the deny line should follow the permit line.
Second, you need a third line:
access-list inside_out_smtp permit ip any any

Regards,
Christoph Gartmann

--
Max-Planck-Institut fuer Immunbiologie
Postfach 1169
D-79011 Freiburg, Germany
Phone: +49-761-5108-464 Fax: -452
Internet: gartmann@immunbio dot mpg dot de
http://www.immunbio.mpg.de/home/menue.html
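The two points in the reply above (first match wins, and every PIX access-list ends in an implicit deny, so without a final `permit ip any any` the list blocks everything it does not explicitly permit) can be checked without a PIX. The script below is an added example, not code from the thread: it parses the subset of `access-list` syntax the thread uses, evaluates constructed sample flows against the original and the corrected list, and then counts denied port-25 attempts per inside host in constructed syslog lines, which is the second half of the poster's plan. The sample hosts 192.168.1.20, .37 and .52, the flows, and the log lines are all invented; the log lines imitate the shape of PIX message 106100 from memory and may differ in detail from what a real 6.3 box emits.

```python
"""First-match ACL evaluation with an implicit deny, as on a Cisco PIX,
plus a scan of constructed syslog lines for the rogue SMTP sender.

Added example, not from the original thread. The flows, hosts other
than 192.168.1.9, and the log lines are constructed sample data.
"""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

PORT_NAMES = {"smtp": 25, "www": 80, "https": 443, "domain": 53}


@dataclass(frozen=True)
class Ace:
    """One access-list entry, the subset of PIX syntax the thread uses."""
    action: str                    # "permit" or "deny"
    proto: str                     # "tcp", "udp" or "ip"
    src: ipaddress.IPv4Network     # source network, 0.0.0.0/0 for "any"
    dport: Optional[int]           # destination port, None means any port

    def matches(self, proto: str, src: str, dport: int) -> bool:
        if self.proto != "ip" and self.proto != proto:
            return False
        if ipaddress.ip_address(src) not in self.src:
            return False
        return self.dport is None or self.dport == dport


def _network(tokens: list) -> ipaddress.IPv4Network:
    """Consume one address spec: 'any', 'host A.B.C.D', 'A.B.C.D MASK', or a bare address."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    if tokens and tokens[0] != "any" and tokens[0][0].isdigit():   # "addr mask" form
        return ipaddress.ip_network(f"{tok}/{tokens.pop(0)}", strict=False)
    return ipaddress.ip_network(tok + "/32")   # bare address, as written in the post


def parse_acl(config: str, name: str) -> list:
    """Collect the entries of access-list `name` from config text, in the order written."""
    acl = []
    for line in config.splitlines():
        t = line.split()
        if len(t) < 5 or t[:2] != ["access-list", name]:
            continue
        action, proto, rest = t[2], t[3], t[4:]
        src = _network(rest)
        _network(rest)                       # destination; always "any" in this thread
        dport = None
        if rest[:1] == ["eq"]:
            dport = PORT_NAMES.get(rest[1]) or int(rest[1])
        acl.append(Ace(action, proto, src, dport))
    return acl


def evaluate(acl: list, proto: str, src: str, dport: int):
    """First matching entry wins; no match means the PIX's implicit deny at the end."""
    for i, ace in enumerate(acl):
        if ace.matches(proto, src, dport):
            return ace.action, i
    return "deny", None    # implicit deny: why "all outbound Internet traffic stops"


# The list exactly as posted (deny first, permit second, no final permit).
ORIGINAL = """\
access-list inside_out_smtp deny tcp any any eq smtp
access-list inside_out_smtp permit tcp 192.168.1.9 any eq smtp
"""

# The list after the reply's two fixes; `host` is PIX's spelling of a single address.
FIXED = """\
access-list inside_out_smtp permit tcp host 192.168.1.9 any eq smtp
access-list inside_out_smtp deny tcp any any eq smtp
access-list inside_out_smtp permit ip any any
"""

FLOWS = [   # constructed sample of inside hosts going out: (proto, source, dport)
    ("tcp", "192.168.1.9", 25),    # the legitimate mail server
    ("tcp", "192.168.1.37", 25),   # some other host speaking SMTP directly
    ("tcp", "192.168.1.20", 80),   # ordinary web browsing
    ("udp", "192.168.1.20", 53),   # DNS
]


def decisions(config: str) -> dict:
    """Map each sample flow to the action the given access-list would take on it."""
    acl = parse_acl(config, "inside_out_smtp")
    return {f"{p}/{s}:{d}": evaluate(acl, p, s, d)[0] for p, s, d in FLOWS}


# Constructed log lines in the shape of PIX message 106100 (from memory, not a capture).
SAMPLE_LOG = """\
%PIX-6-106100: access-list inside_out_smtp permitted tcp inside/192.168.1.9(2210) -> outside/203.0.113.25(25) hit-cnt 1 (first hit)
%PIX-6-106100: access-list inside_out_smtp denied tcp inside/192.168.1.37(3421) -> outside/198.51.100.7(25) hit-cnt 1 (first hit)
%PIX-6-106100: access-list inside_out_smtp denied tcp inside/192.168.1.37(3422) -> outside/198.51.100.9(25) hit-cnt 1 (first hit)
%PIX-6-106100: access-list inside_out_smtp denied tcp inside/192.168.1.37(3423) -> outside/203.0.113.99(25) hit-cnt 1 (first hit)
%PIX-6-106100: access-list inside_out_smtp denied tcp inside/192.168.1.52(1055) -> outside/203.0.113.25(25) hit-cnt 1 (first hit)
"""

DENIED = re.compile(r"access-list (\S+) denied tcp \S+/(\d+\.\d+\.\d+\.\d+)\(\d+\) -> \S+/\S+\((\d+)\)")


def denied_smtp_sources(log: str, acl_name: str = "inside_out_smtp") -> Counter:
    """Count denied port-25 attempts per inside source; the top entry is the machine to go find."""
    hits = Counter()
    for line in log.splitlines():
        m = DENIED.search(line)
        if m and m.group(1) == acl_name and int(m.group(3)) == 25:
            hits[m.group(2)] += 1
    return hits


if __name__ == "__main__":
    print("original order:", decisions(ORIGINAL))
    print("fixed order:   ", decisions(FIXED))
    print("denied SMTP by source:", denied_smtp_sources(SAMPLE_LOG).most_common())
```

With the posted order every sample flow is denied: the two SMTP flows hit the first entry, and web and DNS fall through to the implicit deny. With the corrected order only the non-mail-server SMTP flow is denied. To get the deny hits into the log in the first place, the deny entry needs logging enabled on the PIX (syslog to a host on the inside, and a log option on the entry); the counter then points at the host that keeps being refused.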
drhopkins@cox.net (Guest), 03-22-2006
Problem fixed! Thank you for your time, Dave.