Deny all outgoing smtp attempts except for mail server

Discussion in 'Cisco' started by drhopkins, Mar 22, 2006.

  1. drhopkins

    drhopkins Guest

    We have a pix 501, 6.3(1), using NAT to allow Internet access for all
    users. We have an infected computer on our network sending mail, but
    cannot locate the machine. We would like to create an access list on
    the pix denying all outbound attempts on port 25 except for our
    legitimate e-mail server (, then check the logs for the
    rogue machine making attempts to send mail.

    The access-list rule is as follows:
    access-list inside_out_smtp deny tcp any any eq smtp
    access-list inside_out_smtp permit tcp any eq smtp
    access-group inside_out_smtp in interface inside

    Our problem:
    Once this rule is applied, all outbound Internet traffic stops. I feel
    that I am close, but must be missing something or might have something
    out of order in the configuration. Any help or suggestions are
    appreciated. Thank you for your time, David.
    drhopkins, Mar 22, 2006
    1. Advertisements

  2. First, you need to change the order of the two statements. The permit line
    should be first, the deny line should follow the permit line.
    Second, you need a third line:
    access-list inside_out_smtp permit ip any any

    Christoph Gartmann

    Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -452
    Postfach 1169 Internet: [email protected] dot mpg dot de
    D-79011 Freiburg, Germany
    Christoph Gartmann, Mar 22, 2006
    1. Advertisements

  3. drhopkins

    drhopkins Guest

    Problem fixed! Thank you for your time, Dave.
    drhopkins, Mar 22, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.