Block SMTP outbound in IOS

Unanswered Question
Jun 2nd, 2009

I'm trying to figure out how to block outbound SMTP access except from my Exchange server. Here is the ACL I developed.

ip access-list extended SMTP
 permit tcp any eq smtp
 deny tcp any any eq smtp
 permit ip any any

I thought I would apply it outbound (ip access-group SMTP out) on my inside interface, but when I do that I can no longer accept connections inbound to the server. Where should I have this? Is something wrong with the ACL itself?

Thanks Much!

jjohnston1127 Tue, 06/02/2009 - 06:44

Try applying it to your inside interface, incoming (ip access-group SMTP in). It will look at traffic coming INTO the interface on the router and determine what to do with it. Remember, access-lists should usually be applied closest to source.
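
Added example, not part of the original thread: a small first-match ACL evaluator that runs the thread's three entries against constructed packets to show why "out" on the inside interface drops inbound mail while "in" enforces the intended policy. The addresses (Exchange server 192.0.2.10, inside LAN 192.0.2.0/24, external hosts in 198.51.100.0/24) and the assumption that the first entry's source is the Exchange server are placeholders, not values from the thread.

```python
import ipaddress

# Assumptions (not from the thread): Exchange server 192.0.2.10, inside LAN
# 192.0.2.0/24, external hosts in 198.51.100.0/24 (documentation addresses).
SERVER = "192.0.2.10"
INSIDE = ipaddress.ip_network("192.0.2.0/24")

# The thread's ACL as (action, proto, source, destination, dst_port);
# the first entry's source is assumed to be the Exchange server.
ACL_SMTP = [
    ("permit", "tcp", SERVER, "any", 25),
    ("deny",   "tcp", "any",  "any", 25),
    ("permit", "ip",  "any",  "any", None),
]

def _addr_match(rule_addr, addr):
    return rule_addr == "any" or rule_addr == addr

def evaluate(acl, pkt):
    """First matching entry wins; an extended ACL ends in an implicit deny."""
    for action, proto, src, dst, dport in acl:
        if proto not in ("ip", pkt["proto"]):
            continue
        if not (_addr_match(src, pkt["src"]) and _addr_match(dst, pkt["dst"])):
            continue
        if dport is not None and dport != pkt["dport"]:
            continue
        return action
    return "deny"

def inside_interface_verdict(acl, direction, pkt):
    """Result for a packet crossing the inside interface with the ACL applied
    'in' (LAN -> router) or 'out' (router -> LAN). Traffic flowing the other
    way is never checked by that access-group, so it passes."""
    from_lan = ipaddress.ip_address(pkt["src"]) in INSIDE
    checked = from_lan if direction == "in" else not from_lan
    return evaluate(acl, pkt) if checked else "permit"

# Constructed sample packets.
INBOUND_MAIL = {"proto": "tcp", "src": "198.51.100.7", "sport": 40000, "dst": SERVER, "dport": 25}
SERVER_REPLY = {"proto": "tcp", "src": SERVER, "sport": 25, "dst": "198.51.100.7", "dport": 40000}
SERVER_SEND  = {"proto": "tcp", "src": SERVER, "sport": 41000, "dst": "198.51.100.9", "dport": 25}
CLIENT_SEND  = {"proto": "tcp", "src": "192.0.2.55", "sport": 42000, "dst": "198.51.100.9", "dport": 25}

if __name__ == "__main__":
    for direction in ("out", "in"):
        for name in ("INBOUND_MAIL", "SERVER_REPLY", "SERVER_SEND", "CLIENT_SEND"):
            print(direction, name, inside_interface_verdict(ACL_SMTP, direction, globals()[name]))
```

Applied "out", the only SMTP traffic the list ever inspects is mail arriving for the server, which hits the deny entry, while workstation SMTP leaving the LAN is never checked at all.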

