Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

FWSM Outbound SMTP rule not working

I am trying to restrict outbound SMTP traffic to a single email server we have, but when I use the rule set below email is not being sent out. I am running FWSM version 2.3(3)2.

access-list INSIDE permit tcp host SERVER1 any eq 25

!

access-list INSIDE deny tcp any any eq 25

Any suggestions?

TIA,

Jim Willson

4 REPLIES
Silver

Re: FWSM Outbound SMTP rule not working

just change the access list by reverse the source and destination of your first entry.It will block your entry and apply this in your exit interface of your outside interface.

Hall of Fame Super Blue

Re: FWSM Outbound SMTP rule not working

Jim

Do you mean restrict outbound mail FROM a single e-mail server ?

where have you applied the access-list ?

Jon

Re: FWSM Outbound SMTP rule not working

Hi .. assuming your smtp server uses the standard 25 protocol .. then your access list is OK as long as it is being applied to the interface where the server resides. !!! NOTE: make sure the smtp server has a dns server configured for dns resolution as well .. !!! i.e perform a nslookup and test dns resolution ..

make sure to add a permit ip any any at the end otherwise your would only allow smtp outbound blocking everything else

I hope it helps .. please rate it if it does !!!

Community Member

Re: FWSM Outbound SMTP rule not working

All,

Yes, my mail server uses port 25. It resides on the 'inside' interface, and I am applying the rule to outbound traffic only. I also have an allow ip any any at the end of the rule to allow all remaining traffic after the unwanted SMTP traffic has been blocked.

What do you mean by make sure I have a DNS server configured for it? If you mean MX records I am covered.

FWIW, this is an Exchange 2003 server.

Thanks,

Jim

228
Views
0
Helpful
4
Replies
CreatePlease to create content