Deny Access from a Spammer

Unanswered Question
May 24th, 2007
User Badges:

Hello all,


I have an example here. I would like to block access to our mail server from a spammer using an access list. Can anyone tell me if this is correct?


Spammer: 201.86.141.99

Mail Server: 209.24.251.74


Would this be correct?


access-list access_list_name deny tcp 201.86.141.99 255.255.255.255 host 209.24.251.74 eq smtp


Thanks



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
acomiskey Thu, 05/24/2007 - 11:47
User Badges:
  • Green, 3000 points or more

Yes, or just use "host"


access-list access_list_name deny tcp host 201.86.141.99 host 209.24.251.74 eq smtp

access-list access_list_name permit tcp any host 209.24.251.74 eq smtp

access-group access_list_name in interface outside

Wilson Samuel Thu, 05/24/2007 - 12:09
User Badges:
  • Gold, 750 points or more
  • Community Spotlight Award,

    Mobile User, July 2015

Hi,


Though I'm taking the conversation to a different level, however this configuration will not be able to solve the issue if the Spammer is using a Spoofed IP or what if the Spammer changes the IP?


I would suggest / recommend that its quite unwise these days to NOT to have a good Anti-Spam software and by the way I have found that TrendMicro is one of the best AV / Security suite I have ever come across.


Kind Regards,

Wilson Samuel

danny9797 Fri, 05/25/2007 - 05:59
User Badges:

Hello,


Thanks for the responses. Samuel, I do agree, it will only help to a certain extent temporarily. I would love to get an external spam based firewall setup.


I'm just curious with using access lists.


I can also use this command if I don't want a bad address to get anywhere:


access-list access_list_name deny tcp host 201.86.141.99 any eq smtp


This would be correct, right?


Also, what is the difference if I we're to use a subnet mask after I.P? I know on the router you can specify the amount of hosts (ie, 0.0.0.15). Can you do the same on firewalls?


access-list access_list_name deny tcp 201.86.141.99 0.0.0.10 host 209.24.251.74 eq smtp


Would this block all i.p's from 201.86.141.99-201.86.141.109?

acomiskey Fri, 05/25/2007 - 06:06
User Badges:
  • Green, 3000 points or more

"I can also use this command if I don't want a bad address to get anywhere:


access-list access_list_name deny tcp host 201.86.141.99 any eq smtp"


Yes.


"Also, what is the difference if I we're to use a subnet mask after I.P? I know on the router you can specify the amount of hosts (ie, 0.0.0.15). Can you do the same on firewalls?"


You specify the subnet mask in firewalls, not a wildcard.


access-list access_list_name deny tcp 201.86.141.0 255.255.255.0 host 209.24.251.74 eq smtp


This would deny the entire 201.86.141.0 network.


"host 209.24.251.74" is also the same as "209.24.251.74 255.255.255.255"


Actions

This Discussion