Blocking port 25 on Cisco ASA 5505

Unanswered Question
Jun 9th, 2009

I have a Cisco ASA 5505 in place at a client, and I've got a PC on the network infected with a spambot sending spam. I need to block port 25 to all PCs on the network EXCEPT for the Exchange server. I created an outbound ACL rule on the outside interface to first permit SMTP traffic for my Exchange server and then created a rule to deny SMTP traffic from source ALL. This is not working, as all systems are still able to use port 25 regardless of the order the rules are listed in. Am I missing something? Please help.

Jon Marshall Tue, 06/09/2009 - 19:09

Kevin

Could you clarify what it is you are trying to do, i.e.:

"need to block port 25 to all PCs on the network EXCEPT for the Exchange server."

This suggests you want to block any outside device connecting to your internal PCs on port 25.

"I created an outbound ACL rule on the outside interface to first permit SMTP traffic for my Exchange server and then created a rule to deny SMTP traffic from source ALL."

This suggests you want to stop all your internal PCs connecting to outside devices on port 25.

Which one are you trying to do?

Jon

westernmotor Wed, 06/10/2009 - 05:35

I am trying to stop all internal PCs from connecting to outside devices on port 25, except for the Exchange server. There is a bot on one of the PCs on the network, and I don't know which one. I want to deny access to the port outbound for the desktops, and leave it open for the Exchange server only.

This is an example of what you will have to do. I am using this for one of my customers, where I ran into the same problem:

access-list 101 extended permit tcp host 192.168.240.10 any eq smtp
access-list 101 extended deny tcp 192.168.240.0 255.255.255.0 any eq smtp
access-list 101 extended permit ip any any
access-group 101 in interface inside
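As an added check (this is not code from the thread or from Cisco), here is a small first-match evaluator for the four-line access list above. It parses the ACL as written, applies ASA semantics (first matching entry wins, subnet masks rather than wildcard masks, implicit deny at the end), and runs a few constructed flows through it so you can confirm offline that only the Exchange host (192.168.240.10) is allowed out on port 25 and that every other inside host is denied while all other traffic still passes. The port-name table, the sample flows and the 203.0.113.x / 198.51.100.x destinations are assumptions made up for the example; the denied-source tally is simply a convenient way to see which inside host keeps hitting the SMTP deny.

```python
"""Added example (not from the thread): first-match evaluator for the ASA
access list quoted in the answer above.  Addresses, ports and flows are
constructed for illustration only."""
import ipaddress
from collections import Counter

# The access list from the answer, in the order the ASA evaluates it.
# ASA ACLs use ordinary subnet masks (255.255.255.0), not wildcard masks.
ACL_101 = [
    "access-list 101 extended permit tcp host 192.168.240.10 any eq smtp",
    "access-list 101 extended deny tcp 192.168.240.0 255.255.255.0 any eq smtp",
    "access-list 101 extended permit ip any any",
]

# Assumed subset of the service names the ASA accepts after "eq".
PORT_NAMES = {"smtp": 25, "www": 80, "https": 443, "domain": 53}


def _parse_addr(tokens):
    """Consume one ASA address spec (any | host A.B.C.D | A.B.C.D MASK)
    and return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    net = ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False)
    return net, tokens[2:]


def parse_ace(line):
    """Parse 'access-list NAME extended ACTION PROTO SRC DST [eq PORT]'."""
    tokens = line.split()
    assert tokens[0] == "access-list" and tokens[2] == "extended"
    action, proto = tokens[3], tokens[4]
    src, rest = _parse_addr(tokens[5:])
    dst, rest = _parse_addr(rest)
    dport = None
    if rest and rest[0] == "eq":
        dport = PORT_NAMES.get(rest[1]) or int(rest[1])
    return {"action": action, "proto": proto, "src": src, "dst": dst, "dport": dport}


def first_match(acl, flow):
    """Return the action of the first ACE that matches the flow, or 'deny'
    for the implicit deny at the end of every ASA access list."""
    src = ipaddress.ip_address(flow["src"])
    dst = ipaddress.ip_address(flow["dst"])
    for ace in (parse_ace(line) for line in acl):
        if ace["proto"] not in ("ip", flow["proto"]):
            continue
        if src not in ace["src"] or dst not in ace["dst"]:
            continue
        if ace["dport"] is not None and ace["dport"] != flow["dport"]:
            continue
        return ace["action"]
    return "deny"


# Constructed flows: the Exchange server, a suspect desktop and a third host.
SAMPLE_FLOWS = [
    {"src": "192.168.240.10", "dst": "203.0.113.25", "proto": "tcp", "dport": 25},
    {"src": "192.168.240.57", "dst": "203.0.113.25", "proto": "tcp", "dport": 25},
    {"src": "192.168.240.57", "dst": "198.51.100.7", "proto": "tcp", "dport": 25},
    {"src": "192.168.240.57", "dst": "198.51.100.7", "proto": "tcp", "dport": 443},
    {"src": "192.168.240.88", "dst": "198.51.100.7", "proto": "udp", "dport": 53},
]


def evaluate(acl, flows):
    """Return (per-flow decisions, tally of inside hosts that were denied)."""
    decisions = [first_match(acl, f) for f in flows]
    denied = Counter(f["src"] for f, d in zip(flows, decisions) if d == "deny")
    return decisions, denied


if __name__ == "__main__":
    decisions, denied = evaluate(ACL_101, SAMPLE_FLOWS)
    for f, d in zip(SAMPLE_FLOWS, decisions):
        print(f"{d:6} {f['src']} -> {f['dst']}:{f['dport']}/{f['proto']}")
    print("hosts hitting the SMTP deny:", dict(denied))
```

Swapping the first two lines of ACL_101 makes first_match deny the Exchange server too, which is the ordering problem the question is about: on the ASA the permit for the one allowed host has to come before the subnet-wide deny.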
