Cisco Support Community

Confusion setting up a SMTP Port Block

I am a bit confused on terminology and how to go about setting up the ASA to block any SMTP traffic outbound except for our Exchange Server. This is in relation to a SpamBot issue that got us blacklisted.

I have an ASA 5510 running version 6.2(5) / 8.2(2) with three ports: DMZ, Inside and the Outside interface. Up until today, I only needed to block outside traffic to our internal network, which I did using the ASDM to configure a rule on the outside interface as an incoming rule. I am assuming I need to create an outgoing rule on the outside interface; however, just to make sure I understand the terminology/traffic flow, I created the rule with my computer as the source (192.168.0.131) with ALL destinations and the service as HTTP.

My logic, which seems to fail here, is that any traffic from my computer going outbound would be blocked; however, I am still able to browse... That said, if I were to change the source to the Exchange server and the service type to SMTP, it would not actually block traffic and therefore not solve our problem. I have even gone as far as permitting traffic from my computer, expanding the hit counter, and I see no hits. So I am no doubt doing this wrong. What I do know is that when I first created the rule, a second rule was automatically created (an implicit rule) that denied all sources and blocked all HTTP traffic until I changed it to Permit.

I am including a screenshot showing the two rules. Again, I have my machine permitted at the moment, but it does not matter if it is set to deny. I was still able to browse.

Please help!

2 REPLIES

Hi Wright,

The rule you have to block incoming traffic (from the inside LAN) is to be put on the inside interface, not the outside.

Please try and let me know.

Thanks

Sajan Thomas


So it is an outgoing rule on the inside interface? When I create this, I am guessing it will do the same as before and create an implicit rule that I will need to revise, correct? Since it is on the inside interface, does this impact servers internally communicating with our Exchange server? A bit of detail here just in case that is not clear... I have several, actually many, servers that point to the Exchange server to send mail. An example being our Web Server (IIS). Do I need to add each of these servers to the permit rule, or does the rule ONLY affect traffic going outside the network (even though it is on the internal interface)?

The servers that communicate with Exchange (like IIS) are all internal. Thanks!
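The configuration Sajan describes, written out at the ASA command line as an added example (this is not from the thread, the screenshot, or Cisco's documentation). It assumes the inside interface is named inside, the Exchange server is 192.168.0.10, and the LAN is 192.168.0.0/24; the ACL name INSIDE_IN, the object-group name, and the external address used in packet-tracer are likewise made up for illustration. The key points it shows: the ACL is applied "in" on the inside interface, meaning it filters traffic entering the ASA from the LAN; once any ACL is bound to an interface, the ASA's implicit deny-all at the end of that ACL replaces the default "permit higher-to-lower security" behaviour (that is the implicit rule ASDM showed), so a final permit is needed for everything else; and the deny line is logged so the hit counter and syslog reveal which host is still trying to send mail directly.

```text
! Added example (not from the thread). ASA 8.2-era CLI.
! Assumed names/addresses: interface "inside", Exchange = 192.168.0.10, LAN = 192.168.0.0/24
object-group network EXCHANGE_SERVERS
 network-object host 192.168.0.10

! 1. Exchange may send SMTP (TCP/25) anywhere.
access-list INSIDE_IN extended permit tcp object-group EXCHANGE_SERVERS any eq smtp
! 2. Any other inside host trying TCP/25 is dropped and logged (this is the spambot catch).
access-list INSIDE_IN extended deny tcp any any eq smtp log
! 3. Everything else from the LAN is still allowed. Without this line the ACL's
!    implicit deny at the end would block all outbound traffic.
access-list INSIDE_IN extended permit ip any any

! Bind the ACL to traffic entering the ASA on the inside interface.
access-group INSIDE_IN in interface inside

! Verification (assumed external address 203.0.113.5, assumed test host 192.168.0.131):
! Simulate a LAN workstation sending SMTP directly; expect "Drop" at the ACCESS-LIST phase.
packet-tracer input inside tcp 192.168.0.131 1025 203.0.113.5 25
! Simulate the Exchange server; expect "Allow".
packet-tracer input inside tcp 192.168.0.10 1025 203.0.113.5 25
! Per-line hit counts for the ACL.
show access-list INSIDE_IN
```

On the question of internal servers: an ACL on the inside interface only sees packets that enter the ASA on that interface. An IIS box on the same 192.168.0.0/24 segment relaying to Exchange never crosses the firewall, so it is unaffected and does not need its own permit line; a host on the DMZ interface relaying to Exchange enters on dmz, not inside, and is governed by whatever ACL is applied there. Two caveats a practitioner would want: this example covers only TCP/25, so if clients or servers use the submission port (TCP/587) a matching line is needed, and the hit counts only show traffic that actually traverses the ASA, which is why a rule placed on the wrong interface or in the wrong direction shows zero hits.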
