I have a fairly basic question. We have a very small network, but have seen spam on the rise recently. It comes from a limited number of domains and I would like to block it at the Router level, so my email server does not even need to see it. However, I've added (what I think are) the appropriate access-list lines and email from those subnets still seems to be passing through. Can someone help? An example of the line that I have is:
access-list 101 deny ip 22.214.171.124 0.0.0.255 any
(I think this blocks ips in the range 126.96.36.199 - 188.8.131.52).
Also, if there is a better (but free) way of blocking incoming spam traffic at the router level, I would love to hear it. We run MS Exchange and its filtering seems completely inept.
The access-list you show would drop all traffic from 184.108.40.206-255, assuming you have it applied INBOUND on your outside interface, for example:
int serial 0
description Interface to Internet
ip access-group 101 in
Keep in mind though that at the end of every access-list, there's an implicit "deny all", so if you just have the above line in your ACL, it will actually block ALL traffic. A better way to do this would be to just filter SMTP traffic with the following:
access-list 101 deny tcp 220.127.116.11 0.0.0.255 any eq smtp
access-list 101 permit ip any any
Having said that, this is still not a very good way to block spam, since the spam could be coming from any number of different SMTP servers on the Internet. There is really no good way to block it from the router, unfortunately; you're better off doing it from your internal mail gateway.
Thanks for the reply. Yes - I have this set inbound on my outside interface.....Hmm, I wonder if it has anything to do with the other filters I have....to be more complete, here is an extended sample. My email server ip is 18.104.22.168 (not real) in this example.
access-list 101 deny ip 22.214.171.124 0.0.0.255
access-list 101 permit tcp any any established
access-list 101 permit udp any host 126.96.36.199 eq smtp
access-list 101 permit ip any host 188.8.131.52
So - do the last three cancel out the first one - or should this configuration work? I'll look into the firewall product as well.
The reasons I want to block it at the router are (a) it seems to be coming from a reasonably well defined set of spammers and (b) the filtering in MS Exchange (my email server) is just terrible. I started with Exchange filtering and it has just had a 0% success rate. My next step is to purchase a mail spam protection system, but I'm trying to avoid that if I can.
(Plus, it always helps to learn more about the capabilities and configuration of the router).
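Added example (not code from any poster in this thread): a small Python model of how an extended ACL is evaluated top-down, first match wins, with the implicit deny at the end, to make the reply's point and the ordering question in the follow-up concrete. The addresses are constructed from documentation ranges, the function names are hypothetical, and only the subset of ACL syntax used in this thread is parsed.

```python
import ipaddress

SMTP = 25  # the IOS keyword "smtp" means TCP port 25

def wild_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 are "don't care" bits."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return ("0.0.0.0", "255.255.255.255")
    if first == "host":
        return (tokens.pop(0), "0.0.0.0")
    return (first, tokens.pop(0))

def parse_ace(line):
    """Parse one 'access-list N action proto src dst [eq P|established]' line."""
    t = line.split()[2:]  # drop 'access-list 101'
    ace = {"action": t.pop(0), "proto": t.pop(0)}
    ace["src"], ace["dst"] = parse_addr(t), parse_addr(t)
    ace["dport"] = (SMTP if t[1] == "smtp" else int(t[1])) if t[:1] == ["eq"] else None
    ace["established"] = t[:1] == ["established"]
    return ace

def evaluate(acl_lines, pkt):
    """Return (action, matching line); no match falls through to the implicit deny."""
    for line in acl_lines:
        ace = parse_ace(line)
        if (ace["proto"] in ("ip", pkt["proto"])
                and wild_match(pkt["src"], *ace["src"])
                and wild_match(pkt["dst"], *ace["dst"])
                and ace["dport"] in (None, pkt["dport"])
                and (not ace["established"] or pkt.get("established", False))):
            return ace["action"], line
    return "deny", "(implicit deny)"

# Constructed sample data: 203.0.113.0/24 = unwanted senders, 192.0.2.10 = mail server.
ONE_LINE = ["access-list 101 deny ip 203.0.113.0 0.0.0.255 any"]
SMTP_ONLY = ["access-list 101 deny tcp 203.0.113.0 0.0.0.255 any eq smtp",
             "access-list 101 permit ip any any"]
FOLLOW_UP = ["access-list 101 deny ip 203.0.113.0 0.0.0.255 any",
             "access-list 101 permit tcp any any established",
             "access-list 101 permit ip any host 192.0.2.10"]
spam = {"proto": "tcp", "src": "203.0.113.7", "dst": "192.0.2.10", "dport": 25}
other = {"proto": "tcp", "src": "198.51.100.9", "dst": "192.0.2.10", "dport": 25}
```

Calling `evaluate(FOLLOW_UP, spam)` returns the first deny line, because later permit lines are only consulted when nothing above them matched; `evaluate(ONE_LINE, other)` falls through to the implicit deny.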