Hello. A user on our system is getting literally hundreds of SMTP mails with a virus attachment. I have attachment blocking and virus scanning in place, but the notifications are becoming a hindrance. These mails are coming from the same machine and IP address each time. I would like to block this IP address using the PIX 515e we use. Is this possible? I tried to do this before and failed miserably. Thanks.
I'm assuming that you have an access list (or conduits) on the outside interface allowing SMTP from anywhere on the net to your mail server. You're going to have to put a deny statement denying that IP before your permit statement. So it should look like this...
access-list outside_access_in deny ip host BLOCKED-IP any
access-list outside_access_in permit tcp any host MAIL-SERVER-IP eq smtp
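Added example, not part of the thread and not code from any poster: a small Python model of first-match ACL evaluation, showing why the deny entry has to come before the permit entry. It parses only the two entry forms used in the reply above; the addresses are constructed stand-ins for BLOCKED-IP and MAIL-SERVER-IP, and the function names are hypothetical.

```python
import ipaddress

PORTS = {"smtp": 25}  # the only named port used in the thread

def parse_addr(tok):
    """Consume 'any' or 'host A.B.C.D'; return (network or None, remaining tokens)."""
    if tok[:1] == ["any"]:
        return None, tok[1:]
    if tok[:1] == ["host"] and len(tok) > 1:
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    raise ValueError("unsupported address form: " + " ".join(tok))

def parse_ace(line):
    """Parse 'access-list NAME deny|permit PROTO SRC DST [eq PORT]'."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError("not an ACL entry: " + line)
    src, rest = parse_addr(t[4:])
    dst, rest = parse_addr(rest)
    port = None
    if rest:
        if len(rest) != 2 or rest[0] != "eq":
            raise ValueError("unsupported port clause: " + line)
        port = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
    return {"action": t[2], "proto": t[3], "src": src, "dst": dst, "port": port}

def evaluate(acl, proto, src, dst, dport):
    """Return (action, matching line number); the first matching entry wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, ace in enumerate(map(parse_ace, acl), 1):
        if ace["proto"] not in ("ip", proto) or ace["port"] not in (None, dport):
            continue
        if ace["src"] is not None and s not in ace["src"]:
            continue
        if ace["dst"] is not None and d not in ace["dst"]:
            continue
        return ace["action"], n
    return "deny", None  # nothing matched: implicit deny at the end of the list

# Constructed addresses (documentation ranges) for BLOCKED-IP and MAIL-SERVER-IP.
BLOCKED, MAIL = "203.0.113.50", "192.0.2.25"
DENY = f"access-list outside_access_in deny ip host {BLOCKED} any"
PERMIT = f"access-list outside_access_in permit tcp any host {MAIL} eq smtp"
GOOD, BAD = [DENY, PERMIT], [PERMIT, DENY]

if __name__ == "__main__":
    for name, acl in (("deny first", GOOD), ("permit first", BAD)):
        print(name, evaluate(acl, "tcp", BLOCKED, MAIL, 25))
```

With the permit entry first, the blocked host's SMTP traffic matches line 1 and the deny entry below it is never reached.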
Thanks for the reply. If the mail server is on the inside interface and SMTP traffic is NAT-ed from the outside interface to the inside interface, is the "MAIL-SERVER-IP" the private number or the number that references the MX record?
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...