block smtp outbound in IOS

Unanswered Question
Jun 2nd, 2009

I'm trying to figure out how to block outbound SMTP access except from my Exchange server. Here is the ACL I developed.

ip access-list extended SMTP
 permit tcp 10.10.152.200 0.0.0.255 any eq smtp
 deny tcp any any eq smtp
 permit ip any any

I thought I would apply it outbound (ip access-group SMTP out) on my inside interface, but when I do that I can no longer accept connections inbound to the server. Where should I have this? Is something wrong with the ACL itself?

Thanks Much!

jjohnston1127 Tue, 06/02/2009 - 06:44

Try applying it to your inside interface, incoming (ip access-group SMTP in). It will look at traffic coming INTO the interface on the router and determine what to do with it. Remember, access-lists should usually be applied closest to the source.
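Why the direction matters, as an added example that is not part of either post: a small first-match evaluator run over the ACL as posted, for traffic seen in each direction on the inside interface. It models only source address and destination port; every address other than 10.10.152.200 is a constructed sample.

```python
import ipaddress

# The ACL as posted: (action, protocol, source, source wildcard, destination port)
ACL = [
    ("permit", "tcp", "10.10.152.200", "0.0.0.255", 25),
    ("deny",   "tcp", "any", None, 25),
    ("permit", "ip",  "any", None, None),
]

def wildcard_match(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, src, dport, proto="tcp"):
    """Return the action of the first matching entry (implicit deny at the end)."""
    for action, ace_proto, ace_src, wc, ace_dport in acl:
        if ace_proto not in ("ip", proto):
            continue
        if ace_src != "any" and not wildcard_match(src, ace_src, wc):
            continue
        if ace_dport is not None and ace_dport != dport:
            continue
        return action
    return "deny"

# Constructed sample hosts (only EXCHANGE comes from the thread).
EXCHANGE, WORKSTATION, PEER, INTERNET_MTA = (
    "10.10.152.200", "10.10.20.15", "10.10.152.77", "203.0.113.10")

def results():
    return {
        # Applied "out" on the inside interface: the ACL sees traffic heading to the LAN.
        "out: internet MTA -> Exchange:25": evaluate(ACL, INTERNET_MTA, 25),
        # Applied "in" on the inside interface: the ACL sees traffic leaving the LAN.
        "in: Exchange -> internet:25": evaluate(ACL, EXCHANGE, 25),
        "in: workstation -> internet:25": evaluate(ACL, WORKSTATION, 25),
        # Exchange answering an inbound session: destination port is ephemeral, not 25.
        "in: Exchange reply -> internet:40000": evaluate(ACL, EXCHANGE, 40000),
        # Wildcard 0.0.0.255 ignores the last octet, so any 10.10.152.x host matches.
        "in: 10.10.152.77 -> internet:25": evaluate(ACL, PEER, 25),
    }

if __name__ == "__main__":
    for case, action in results().items():
        print(f"{action:6}  {case}")
```

The last case shows that the first entry permits the whole 10.10.152.0/24 range; `host 10.10.152.200` (wildcard 0.0.0.0) restricts it to the single server.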
