Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

blocking IP address(es)

hello. a user on our system is getting literally hundreds of smtp mails with a virus attachment. i have attachment blocking and virus scanning in place. but the notifications are becoming a hinderence. these mails are coming from the same machine and IP address each time. i would like to block this IP address using the PIX 515e we use. is this possible? i tried to do this before and failed miserably. thanks.

4 REPLIES
Bronze

Re: blocking IP address(es)

Hi,

I'm assuming that you have an access list (or conduits) on the outside interface allowing smtp from anywhere on the net to your mail server. Your going to have to put a deny statement denying that IP before your permit statement. So it should look like this...

access-list outside_access_in deny ip host BLOCKED-IP any

access-list outside_access_in permit tcp any host MAIL-SERVER-IP eq smtp

Hope that helps...

Community Member

Re: blocking IP address(es)

thanks for the reply. if the mail server is on the inside interface and SMTP traffic is NAT-ed from the outside interface to the inside interface, is the "MAIL-SERVER-IP" the private number or the number that references the MX record?

Bronze

Re: blocking IP address(es)

It is going to be the public address (MX Record) not the private.

Community Member

Re: blocking IP address(es)

You can use an ACL to deny SMTP traffic from the IP to your SMTP server (which is perhaps on the DMZ).

224
Views
0
Helpful
4
Replies
CreatePlease to create content