
Deny Access from a Spammer

danny9797
Level 1

Hello all,

I have an example here. I would like to block access to our mail server from a spammer using an access list. Can anyone tell me if this is correct?

Spammer: 201.86.141.99

Mail Server: 209.24.251.74

Would this be correct?

access-list access_list_name deny tcp 201.86.141.99 255.255.255.255 host 209.24.251.74 eq smtp

Thanks

4 Replies

acomiskey
Level 10

Yes, or just use "host"

access-list access_list_name deny tcp host 201.86.141.99 host 209.24.251.74 eq smtp

access-list access_list_name permit tcp any host 209.24.251.74 eq smtp

access-group access_list_name in interface outside

Wilson Samuel
Level 7

Hi,

Though I'm taking the conversation to a different level, this configuration will not be able to solve the issue if the spammer is using a spoofed IP, and what if the spammer changes the IP?

I would suggest / recommend that it's quite unwise these days NOT to have good anti-spam software, and by the way I have found that TrendMicro is one of the best AV / security suites I have ever come across.

Kind Regards,

Wilson Samuel

Hello,

Thanks for the responses. Samuel, I do agree, it will only help to a certain extent temporarily. I would love to get an external spam based firewall setup.

I'm just curious about using access lists.

I can also use this command if I don't want a bad address to get anywhere:

access-list access_list_name deny tcp host 201.86.141.99 any eq smtp

This would be correct, right?

Also, what is the difference if I were to use a subnet mask after the IP? I know on the router you can specify the amount of hosts (i.e., 0.0.0.15). Can you do the same on firewalls?

access-list access_list_name deny tcp 201.86.141.99 0.0.0.10 host 209.24.251.74 eq smtp

Would this block all IPs from 201.86.141.99-201.86.141.109?

"I can also use this command if I don't want a bad address to get anywhere:

access-list access_list_name deny tcp host 201.86.141.99 any eq smtp"

Yes.

"Also, what is the difference if I were to use a subnet mask after the IP? I know on the router you can specify the amount of hosts (i.e., 0.0.0.15). Can you do the same on firewalls?"

You specify the subnet mask in firewalls, not a wildcard.

access-list access_list_name deny tcp 201.86.141.0 255.255.255.0 host 209.24.251.74 eq smtp

This would deny the entire 201.86.141.0 network.

"host 209.24.251.74" is also the same as "209.24.251.74 255.255.255.255"
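
Added example (not part of the thread): a Python check of the 201.86.141.99-201.86.141.109 question above. It lists what a router-style wildcard of 0.0.0.10 would actually match, assuming the usual router semantics where 1 bits in the wildcard are ignored, and then builds the subnet-mask entries that cover the range on a firewall. The function names wildcard_matches and asa_deny_lines are hypothetical.

```python
import ipaddress

def wildcard_matches(base, wildcard):
    """Addresses matched by a router-style wildcard mask (1 bits = don't care)."""
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    free_bits = [1 << i for i in range(32) if (w >> i) & 1]
    if len(free_bits) > 16:
        raise ValueError("wildcard too broad to enumerate")
    fixed = b & ~w & 0xFFFFFFFF  # bits that must match exactly
    matched = []
    for combo in range(1 << len(free_bits)):
        addr = fixed
        for i, bit in enumerate(free_bits):
            if (combo >> i) & 1:
                addr |= bit
        matched.append(addr)
    return [str(ipaddress.IPv4Address(a)) for a in sorted(matched)]

def asa_deny_lines(first, last, server, acl="access_list_name"):
    """Cover first..last with subnet-mask entries in the syntax used in this thread."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    lines = []
    for net in nets:
        if net.prefixlen == 32:
            src = f"host {net.network_address}"  # same as "<ip> 255.255.255.255"
        else:
            src = f"{net.network_address} {net.netmask}"
        lines.append(f"access-list {acl} deny tcp {src} host {server} eq smtp")
    return lines

if __name__ == "__main__":
    # A wildcard of 0.0.0.10 frees bits 2 and 8 only, so it is not a 10-host range.
    print(wildcard_matches("201.86.141.99", "0.0.0.10"))
    # Four subnet-mask entries are needed to cover .99 through .109 exactly.
    for line in asa_deny_lines("201.86.141.99", "201.86.141.109", "209.24.251.74"):
        print(line)
```

The generated deny entries still need the permit and access-group lines from the first reply after them.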
