Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

block smtp outbound in IOS

I'm trying to figure out how to block outbound smtp access except from my exchange server. Here is the ACL i developed.

ip access-list extended SMTP

permit tcp 10.10.152.200 0.0.0.255 any eq smtp

deny tcp any any eq smtp

permit ip any any

I thought i would apply it outbound (ip access-group SMTP out) on my inside interface but when i do that I can no longer accept connections inbound to the server. Where should I have this? Is something wrong with the ACL itself?

Thanks Much!

1 REPLY

Re: block smtp outbound in IOS

Try applying it to your inside interface, incoming (ip access-group SMTP in). It will look at traffic coming INTO the interface on the router and determine what to do with it. Remember, access-lists should usually be applied closest to source.

892
Views
0
Helpful
1
Replies