Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Prevent spam before router


We are a small ISP and we have a problem in one of our locations, we have a Router 2811 with 5Mb of internet and around 50 clients behind, the router in the WAN interface have a public IP and is doing NAT to the LAN interface of clients and the problem is that one or more clients PCs are sending spam to the internet and that's why the public IP of the WAN interface is too often in some DNSBLs or blacklist and some other clients when they send emails from they own domains doesn't arrive because it's say that the IP of the WAN interface is in a blacklist.

The question is, can we do something to prevent this without have to change the public IP????


Re: Prevent spam before router

You bet. Apply an ACL on the LAN interface denying the end users SMTP access but allowing your mail server. Assume your mail server is

ip access-list extended FILTER_OUTBOUND

permit tcp host any eq 25

deny tcp any any eq 25 log (log is optional)

permit ip any any

interface fa0/1

ip access-group FILTER_OUTBOUND in

Hope that helps.


Re: Prevent spam before router

Also, there are professional solutions from Cisco, such as IRONPORT, that will solve the problem for you based on the complex scores of the traffic. We use them and I have nothing but praise for them. Also, the licensing is very attractive.

CreatePlease to create content