Allow a Range of external SMTP Hosts

Discussion in 'Cisco' started by Ferret, May 24, 2005.

  1. Ferret

    Ferret Guest

    Hi,

    We have recently introduced an External Email Filtering Service and I
    would like to block all inbound SMTP connections except for a list of
    nominated hosts.

    I have a Cisco 837 and at the moment all inbound port 25 connections
    are forwarded to our internal SMTP server (Exchange 5.5).

    The problem is that there are some spammers still around that are not
    using the DNS MX record, but the public IP address of our router.

    Any suggestions would be appreciated

    Thanks
    Ferret, May 24, 2005
    #1

  2. Ferret

    Garrick Guest

    Try using access lists. If you need help configuring them, please post
    a sanitized (no real IPs or passwords) version of your 'show run' and
    I'm sure someone will be glad to give you some suggestions. Without
    knowing how your current access lists (if any) are configured, I can't
    give you too much more information than that.

    Garrick
    Garrick, May 24, 2005
    #2

  3. Ferret

    DaZZa Guest

    Ferret <> mumbled:
    > Hi,
    >
    > We have recently introduced an External Email Filtering Service and I
    > would like to block all inbound SMTP connections except for a list of
    > nominated hosts.
    >
    > I have a Cisco 837 and at the moment all inbound port 25 connections
    > are forwarded to our internal SMTP server (Exchange 5.5).
    >
    > The problem is that there are some spammers still around that are not
    > using the DNS MX record, but the public IP address of our router.
    >
    > Any suggestions would be appreciated


    Apply an access list on your inbound interface.

    Something like this should work

    access-list 102 permit tcp host <allowed_source_ip> host <destination_ip> eq 25
    access-list 102 permit tcp host <allowed_source_ip> host <destination_ip> eq 25
    access-list 102 deny tcp any any eq 25
    access-list 102 permit ip any any

    You'll need to check into the command reference for the exact syntax -
    I'm a little rusty - but then simply apply that to the inbound traffic
    on your external interface by doing

    interface <interface>
    ip access-group 102 in

    That should stop anything but the list of allowed hosts (you can put
    more than two, but remember, the longer the list, the harder the router
    has to work to process it) to connect to your destination host, and only
    your destination host, on port 25 without blocking any other IP traffic
    at all.

    DaZZa

    --
    A rule for life.
    echo 16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D4D465452snlb xq |dc
    Address in header is spamblocked. ROT13 the following for email replies
    DaZZa, May 24, 2005
    #3
  4. Ferret

    Ferret Guest

    Hi, thanks for the post

    I have tried the following

    On the dialer Interface added
    no ip access-group 111 in

    and then added the access-list as follows

    access-list 111 permit tcp host <external 1> host <internal Smtp> eq 25
    access-list 111 permit tcp host <external 2> host <internal Smtp> eq 25
    access-list 111 permit tcp host <external 3> host <internal Smtp> eq 25
    access-list 111 permit tcp host <external 4> host <internal Smtp> eq 25
    access-list 111 permit tcp host <external 5> host <internal Smtp> eq 25
    access-list 111 permit tcp host <external 6> host <internal Smtp> eq 25
    access-list 111 deny tcp any any eq 25

    However I only receive Mail from the first listed host ?????

    Any assistance would be appreciated..
    Ferret, May 24, 2005
    #4
  5. Ferret

    Ferret Guest

    Oops, I should have said
    the dialer Interface
    ip access-group 111 in
    Ferret, May 24, 2005
    #5
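
An added example, not code from any poster in this thread: a small Python model of first-match extended ACL evaluation, run over the list 102 shape from post #3 and over the same entries without a final `permit ip any any`. All addresses are constructed documentation-range values, `parse_acl` and `evaluate` are hypothetical helper names, and only the `any` / `host` / wildcard and `eq` forms are modelled.

```python
import ipaddress

IMPLICIT_DENY = "deny (implicit)"  # IOS ends every ACL with an unseen deny-all

def parse_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D <wildcard>' from the token list."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")  # contiguous wildcard only

def parse_acl(text):
    """Parse 'access-list N <action> <proto> <src> <dst> [eq <port>]' lines."""
    rules = []
    for line in text.strip().splitlines():
        t = line.split()[2:]  # drop 'access-list N'
        action, proto = t.pop(0), t.pop(0)
        src, dst = parse_addr(t), parse_addr(t)
        port = int(t[1]) if t[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport):
    """Return the action of the first matching entry (first match wins)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto in ("ip", proto) and s in r_src and d in r_dst and r_port in (None, dport):
            return action
    return IMPLICIT_DENY

# Constructed sample: 192.0.2.x = filtering service, 203.0.113.5 = <destination_ip>
ACL_102 = """
access-list 102 permit tcp host 192.0.2.10 host 203.0.113.5 eq 25
access-list 102 permit tcp host 192.0.2.11 host 203.0.113.5 eq 25
access-list 102 deny tcp any any eq 25
access-list 102 permit ip any any
"""
# Same entries without the final 'permit ip any any'
ACL_NO_FINAL_PERMIT = "\n".join(ACL_102.strip().splitlines()[:-1])

if __name__ == "__main__":
    packets = [("tcp", "192.0.2.11", "203.0.113.5", 25),    # second allowed host
               ("tcp", "198.51.100.7", "203.0.113.5", 25),  # unlisted sender
               ("tcp", "198.51.100.7", "203.0.113.5", 80),  # non-SMTP traffic
               ("udp", "198.51.100.7", "203.0.113.5", 53)]
    for name, acl in (("102", ACL_102), ("no final permit", ACL_NO_FINAL_PERMIT)):
        for pkt in packets:
            print(f"{name:16} {pkt} -> {evaluate(parse_acl(acl), *pkt)}")
```

In the second list, every packet that is not SMTP from a listed host falls through to the implicit deny, so all other inbound traffic on the interface is dropped as well.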