Cisco Support Community

Community Member

Blocking outbound SMTP on PIX 515 -Ver 6.3.(4)

One of my clients received emails from their ISP saying that SPAM email was generated from their network with the PIX outside IP. We want to disable outbound SMTP (port 25) on the firewall so that the emails will be stopped. The PIX config has 'no fixup protocol smtp 25'.

Is there any way I can use the fixup to block the outbound SMTP (without impacting any other services)?

Or do I need to create an ACL for port 25 and apply it on the inside interface?

TIA

MS

10 REPLIES

Re: Blocking outbound SMTP on PIX 515 -Ver 6.3.(4)

You need to create an ACL and apply it to the inside interface.

Community Member

Re: Blocking outbound SMTP on PIX 515 -Ver 6.3.(4)

Thank you...

So.. is the config below enough, or are any additional lines needed?

*********************************
access-list BLOCKSMTP extended deny tcp 192.168.x.x 255.255.0.0 any eq 25
access-list BLOCKSMTP extended permit ip any any
access-group BLOCKSMTP in interface INSIDE
*********************************

Thanks again

MS

Re: Blocking outbound SMTP on PIX 515 -Ver 6.3.(4)

Looks good. You don't have an email server inside, correct?

Community Member

Re: Blocking outbound SMTP on PIX 515 -Ver 6.3.(4)

Correct. Not at this location. The other location's server does not use this Internet connection for any outbound SMTP communication.

Thanks

MS

Community Member

Re: Blocking outbound SMTP on PIX 515 -Ver 6.3.(4)

Slight correction to the ACL... the 'extended' keyword is not supported on 6.3(4).

Community Member

Re: Blocking outbound SMTP on PIX 515 -Ver 6.3.(4)

Question.. I want to enable 'log' with the ACL to see what the source is. It may be hard to tell, but will there be any perf. impact on the PIX, as it has to inspect every packet against the ACL?

TIA

MS

Re: Blocking outbound SMTP on PIX 515 -Ver 6.3.(4)

It will already inspect every packet with the ACL. Now it will just log an entry, which has low overhead.

Community Member

Re: Blocking outbound SMTP on PIX 515 -Ver 6.3.(4)

The SPAM stopped, but I am unable to find the source IP. I tried port 25 to the Internet from a known PC; the hit count in the ACL increases, but the PIX is not logging anything about the source (internal PC) in the buffer or syslog. I observed a few messages in the PIX log that the deny flow-max is reached (1024); it is not letting me increase the count. Any way I can find the source address (tried to no avail by changing logging buffered to informational) without placing a sniffer?

ACL on PIX:

*****************************************
access-list BLOCKSMTP deny tcp any any eq 25 log 7 interval 600
access-list BLOCKSMTP permit ip any any
access-group BLOCKSMTP in interface INSIDE
*****************************************

TIA

MS

Re: Blocking outbound SMTP on PIX 515 -Ver 6.3.(4)

Check this link:

https://packetpros.com/images/asa_logging.GIF

You will have to have your buffer logging at Informational or higher to see the ACL logging.

Community Member

Re: Blocking outbound SMTP on PIX 515 -Ver 6.3.(4)

Thanks again Collin. It worked with the 'debugging' level enabled.

MS
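Once the ACL-hit messages are actually being logged, the remaining job is to pull the inside source addresses out of them. As an added example (not from this thread or from Cisco), the Python below parses the PIX/ASA 106100 ACL-hit syslog message for the BLOCKSMTP ACL and tallies which inside hosts were denied on port 25, weighted by the hit-cnt the firewall reports. The log lines are constructed for the example; it assumes you have exported the PIX buffer or syslog to a text file.

```python
import re
from collections import Counter

# PIX/ASA syslog message 106100 is what an ACL line with "log" emits. With the
# thread's "log 7", it is sent at debugging severity, so buffered or syslog
# logging must be at level 7 for it to appear (level 6 for the default "log").
ACL_LOG_RE = re.compile(
    r"%(?:PIX|ASA)-(?P<sev>\d)-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied) (?P<proto>\w+) "
    r"(?P<src_if>[^/]+)/(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst_if>[^/]+)/(?P<dst>[\d.]+)\((?P<dport>\d+)\) "
    r"hit-cnt (?P<hits>\d+)"
)

def denied_smtp_sources(lines, acl_name="BLOCKSMTP"):
    """Return a Counter of inside hosts whose outbound TCP/25 attempts the
    named ACL denied, weighted by the hit-cnt carried in each 106100 line."""
    counts = Counter()
    for line in lines:
        m = ACL_LOG_RE.search(line)
        if not m:
            continue  # not a 106100 ACL-hit message (e.g. 106011 or other)
        if m["acl"] != acl_name or m["action"] != "denied":
            continue
        if m["proto"] != "tcp" or m["dport"] != "25":
            continue
        counts[m["src"]] += int(m["hits"])
    return counts

# Constructed sample log lines (not from the thread); addresses are from
# documentation/private ranges chosen for the example.
SAMPLE_LOG = """\
%PIX-7-106100: access-list BLOCKSMTP denied tcp INSIDE/192.168.1.50(3321) -> outside/203.0.113.25(25) hit-cnt 1 (first hit) [0x1a2b3c4d, 0x0]
%PIX-7-106100: access-list BLOCKSMTP denied tcp INSIDE/192.168.1.50(3322) -> outside/198.51.100.7(25) hit-cnt 37 (600-second interval) [0x1a2b3c4d, 0x0]
%PIX-7-106100: access-list BLOCKSMTP denied tcp INSIDE/192.168.1.77(4410) -> outside/203.0.113.25(25) hit-cnt 2 (600-second interval) [0x5e6f7a8b, 0x0]
%PIX-7-106100: access-list BLOCKSMTP permitted tcp INSIDE/192.168.1.10(1055) -> outside/203.0.113.80(80) hit-cnt 1 (first hit) [0x9c0d1e2f, 0x0]
%PIX-3-106011: Deny inbound (No xlate) tcp src outside:203.0.113.9/4444 dst outside:192.0.2.1/25
""".splitlines()

if __name__ == "__main__":
    # The host at the top of this list is the first one to inspect for malware.
    for host, hits in denied_smtp_sources(SAMPLE_LOG).most_common():
        print(f"{host}: {hits} denied SMTP attempts")
```

Run it against the exported log with `denied_smtp_sources(open("pix.log"))`; the host with the highest count is the one generating the spam.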
