Deny all outgoing smtp attempts except for mail server

Discussion in 'Cisco' started by drhopkins, Mar 22, 2006.

  1. drhopkins

    drhopkins Guest

    We have a pix 501, 6.3(1), using NAT to allow Internet access for all
    users. We have an infected computer on our network sending mail, but
    cannot locate the machine. We would like to create an access list on
    the pix denying all outbound attempts on port 25 except for our
    legitimate e-mail server (192.168.1.9), then check the logs for the
    rogue machine making attempts to send mail.

    The access-list rule is as follows:
    access-list inside_out_smtp deny tcp any any eq smtp
    access-list inside_out_smtp permit tcp 192.168.1.9 any eq smtp
    access-group inside_out_smtp in interface inside

    Our problem:
    Once this rule is applied, all outbound Internet traffic stops. I feel
    that I am close, but must be missing something or might have something
    out of order in the configuration. Any help or suggestions are
    appreciated. Thank you for your time, David.
     
    drhopkins, Mar 22, 2006
    #1

    1. Advertisements

  2. drhopkins

    Christoph Gartmann Guest

    First, you need to change the order of the two statements. The permit line
    should be first, the deny line should follow the permit line.
    Second, you need a third line:
    access-list inside_out_smtp permit ip any any

    Regards,
    Christoph Gartmann

    --
    Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -452
    Immunbiologie
    Postfach 1169 Internet: [email protected] dot mpg dot de
    D-79011 Freiburg, Germany
    http://www.immunbio.mpg.de/home/menue.html
     
    Christoph Gartmann, Mar 22, 2006
    #2

    1. Advertisements

  3. drhopkins

    drhopkins Guest

    Problem fixed! Thank you for your time, Dave.
     
    drhopkins, Mar 22, 2006
    #3

    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads

  1. PIX 501-Closing SMTP to all inside addresses except Server

  2. Access List to Block Outgoing SMTP on PIX

  3. MS's IIS - SMTP outgoing email fails

  4. Help!Outgoing Server SMTP

  5. Help Pop3 email exchange smtp outgoing mail not allowed in network

  6. Symantec Anti-Virus 10 - Turn off Outgoing (SMTP) e-mail scan?

  7. Can open all except 1st e-mail from hotmail in my Gmail Box

  8. How to Block all outbound SMTP except Exchange Server

Loading...