Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

How to prevent smtp traffic from internan net

Hi, If any one can help me on this issue. I am running pix 6.3(3). And I have a Exchange server who has mapped 1:1 through the pix and rest of work stations through a globle NAT pool address. How can I prevent unauthorized mail server to send a mail on port 25 whit out effecting my Exchange server to send mail to the outside world. Tanks in advance

Sfanayei

5 REPLIES
Gold

Re: How to prevent smtp traffic from internan net

Sfanayei

If I understood your question correctly - you are asking about how to stop mail relay on your exchange server, is this correct, Please clarify...

Let me know and maybe we can move further with your question.

New Member

Re: How to prevent smtp traffic from internan net

Hi,

It is nothing to do with mail relay on my Exchange server. Because I have a suspicion that one/som work-stations from my internal net sending spam to the outside world (they are behind a nat pool address.

Cisco Employee

Re: How to prevent smtp traffic from internan net

Hello sfanayei,

Just apply an ACL inbound on the inside interface denying port 25 traffic from all machines except from the exchange server.

access-list inside_acl permit tcp host w.x.y.z any eq 25

access-list inside_acl deny tcp any any eq 25

access-list inside_acl permit ip any any

where w.x.y.z = Exchange server

Hope this helps! If so, please rate.

Thanks,

hemendoz

New Member

Re: How to prevent smtp traffic from internan net

Dear hemendoz,

Thanks a lot for your reply. Can you tell me how to beind the Access-list to the inside Interface. Can I Configure with this Command"access-groupe in interface inside"?

Tanks again

Sfanayei

Cisco Employee

Re: How to prevent smtp traffic from internan net

Hello Sfanayei,

Exactly "access-group in interface inside" is what you need.

Hope this helps! If so, please rate.

Thanks

305
Views
5
Helpful
5
Replies