Deny Access from a Spammer

May 24th, 2007

Hello all,

I have an example here. I would like to block access to our mail server from a spammer using an access list. Can anyone tell me if this is correct?

Spammer: 201.86.141.99

Mail Server: 209.24.251.74

Would this be correct?

access-list access_list_name deny tcp 201.86.141.99 255.255.255.255 host 209.24.251.74 eq smtp

Thanks

acomiskey Thu, 05/24/2007 - 11:47

Yes, or just use "host"

access-list access_list_name deny tcp host 201.86.141.99 host 209.24.251.74 eq smtp

access-list access_list_name permit tcp any host 209.24.251.74 eq smtp

access-group access_list_name in interface outside

Wilson Samuel Thu, 05/24/2007 - 12:09

Hi,

Though I'm taking the conversation to a different level, this configuration will not be able to solve the issue if the spammer is using a spoofed IP, and what if the spammer changes the IP?

I would suggest / recommend that it's quite unwise these days NOT to have a good anti-spam software, and by the way I have found that TrendMicro is one of the best AV / security suites I have ever come across.

Kind Regards,

Wilson Samuel

danny9797 Fri, 05/25/2007 - 05:59

Hello,

Thanks for the responses. Samuel, I do agree, it will only help to a certain extent temporarily. I would love to get an external spam based firewall setup.

I'm just curious with using access lists.

I can also use this command if I don't want a bad address to get anywhere:

access-list access_list_name deny tcp host 201.86.141.99 any eq smtp

This would be correct, right?

Also, what is the difference if I were to use a subnet mask after the IP? I know on the router you can specify the amount of hosts (i.e., 0.0.0.15). Can you do the same on firewalls?

access-list access_list_name deny tcp 201.86.141.99 0.0.0.10 host 209.24.251.74 eq smtp

Would this block all IPs from 201.86.141.99-201.86.141.109?

acomiskey Fri, 05/25/2007 - 06:06

"I can also use this command if I don't want a bad address to get anywhere:

access-list access_list_name deny tcp host 201.86.141.99 any eq smtp"

Yes.

"Also, what is the difference if I were to use a subnet mask after the IP? I know on the router you can specify the amount of hosts (i.e., 0.0.0.15). Can you do the same on firewalls?"

You specify the subnet mask in firewalls, not a wildcard.

access-list access_list_name deny tcp 201.86.141.0 255.255.255.0 host 209.24.251.74 eq smtp

This would deny the entire 201.86.141.0 network.

"host 209.24.251.74" is also the same as "209.24.251.74 255.255.255.255"
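
Added example, not part of the original thread: a short Python check of what a router-style wildcard of 0.0.0.10 on 201.86.141.99 would actually match, how a firewall-style subnet mask matches, and which subnet-mask deny lines (in the syntax used above) cover exactly 201.86.141.99 through 201.86.141.109. The function names are hypothetical and the addresses are the ones from the question.

```python
import ipaddress

def wildcard_matches(base, wildcard):
    """Router-style wildcard: 1 bits in the wildcard are "don't care" bits."""
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    fixed = b & ~w & 0xFFFFFFFF
    # Enumerate every subset of the don't-care bits.
    out, sub = [], w
    while True:
        out.append(fixed | sub)
        if sub == 0:
            break
        sub = (sub - 1) & w
    return [str(ipaddress.IPv4Address(a)) for a in sorted(out)]

def netmask_matches(addr, network, mask):
    """Firewall-style subnet mask: bits set to 1 in the mask must be equal."""
    a, n, m = (int(ipaddress.IPv4Address(x)) for x in (addr, network, mask))
    return (a & m) == (n & m)

def covering_acl(first, last, dst, name="access_list_name"):
    """Deny lines with subnet masks that cover first..last and nothing else."""
    lines = []
    for net in ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)):
        src = (f"host {net.network_address}" if net.prefixlen == 32
               else f"{net.network_address} {net.netmask}")
        lines.append(f"access-list {name} deny tcp {src} host {dst} eq smtp")
    return lines

if __name__ == "__main__":
    # A wildcard is a bit pattern, not a host count: this prints four
    # scattered addresses, not the range .99 to .109.
    print(wildcard_matches("201.86.141.99", "0.0.0.10"))
    # Subnet-mask match for the /24 deny from the last reply.
    print(netmask_matches("201.86.141.200", "201.86.141.0", "255.255.255.0"))
    # Exact cover of .99 to .109 using subnet masks only.
    for line in covering_acl("201.86.141.99", "201.86.141.109",
                             "209.24.251.74"):
        print(line)
```
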
