cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1081
Views
0
Helpful
1
Replies

block smtp outbound in IOS

mloraditch
Level 7
Level 7

I'm trying to figure out how to block outbound smtp access except from my exchange server. Here is the ACL i developed.

ip access-list extended SMTP

permit tcp 10.10.152.200 0.0.0.255 any eq smtp

deny tcp any any eq smtp

permit ip any any

I thought i would apply it outbound (ip access-group SMTP out) on my inside interface but when i do that I can no longer accept connections inbound to the server. Where should I have this? Is something wrong with the ACL itself?

Thanks Much!

1 Reply 1

jj27
Spotlight
Spotlight

Try applying it to your inside interface, incoming (ip access-group SMTP in). It will look at traffic coming INTO the interface on the router and determine what to do with it. Remember, access-lists should usually be applied closest to source.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: