Deny all outgoing smtp attempts except for mail server

Discussion in 'Cisco' started by drhopkins@cox.net, Mar 22, 2006.

  1. Guest

    We have a pix 501, 6.3(1), using NAT to allow Internet access for all
    users. We have an infected computer on our network sending mail, but
    cannot locate the machine. We would like to create an access list on
    the pix denying all outbound attempts on port 25 except for our
    legitimate e-mail server (192.168.1.9), then check the logs for the
    rogue machine making attempts to send mail.

    The access-list rule is as follows:
    access-list inside_out_smtp deny tcp any any eq smtp
    access-list inside_out_smtp permit tcp 192.168.1.9 any eq smtp
    access-group inside_out_smtp in interface inside

    Our problem:
    Once this rule is applied, all outbound Internet traffic stops. I feel
    that I am close, but must be missing something or might have something
    out of order in the configuration. Any help or suggestions are
    appreciated. Thank you for your time, David.
     
    , Mar 22, 2006
    #1
    1. Advertising

  2. In article <>, writes:
    >We have a pix 501, 6.3(1), using NAT to allow Internet access for all
    >users. We have an infected computer on our network sending mail, but
    >cannot locate the machine. We would like to create an access list on
    >the pix denying all outbound attempts on port 25 except for our
    >legitimate e-mail server (192.168.1.9), then check the logs for the
    >rogue machine making attempts to send mail.
    >
    >The access-list rule is as follows:
    >access-list inside_out_smtp deny tcp any any eq smtp
    >access-list inside_out_smtp permit tcp 192.168.1.9 any eq smtp


    First, you need to change the order of the two statements. The permit line
    should be first, the deny line should follow the permit line.
    Second, you need a third line:
    access-list inside_out_smtp permit ip any any

    Regards,
    Christoph Gartmann

    --
    Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -452
    Immunbiologie
    Postfach 1169 Internet: gartmann@immunbio dot mpg dot de
    D-79011 Freiburg, Germany
    http://www.immunbio.mpg.de/home/menue.html
     
    Christoph Gartmann, Mar 22, 2006
    #2
    1. Advertising

  3. Guest

    Problem fixed! Thank you for your time, Dave.
     
    , Mar 22, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mac Hammer
    Replies:
    5
    Views:
    990
    Jyri Korhonen
    Jun 21, 2005
  2. =?Utf-8?B?SVQtTU9ORVk=?=
    Replies:
    20
    Views:
    1,064
    Guest
    Sep 5, 2006
  3. Sens Fan Happy In Ohio

    Symantec Anti-Virus 10 - Turn off Outgoing (SMTP) e-mail scan?

    Sens Fan Happy In Ohio, Feb 7, 2006, in forum: Computer Support
    Replies:
    4
    Views:
    2,321
    larbowlin
    Feb 8, 2006
  4. Ross
    Replies:
    10
    Views:
    3,997
  5. Giuen
    Replies:
    0
    Views:
    1,599
    Giuen
    Sep 12, 2008
Loading...

Share This Page