Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Prevent spam before router

Hi,

We are a small ISP and we have a problem in one of our locations, we have a Router 2811 with 5Mb of internet and around 50 clients behind, the router in the WAN interface have a public IP and is doing NAT to the LAN interface of clients and the problem is that one or more clients PCs are sending spam to the internet and that's why the public IP of the WAN interface is too often in some DNSBLs or blacklist and some other clients when they send emails from they own domains doesn't arrive because it's say that the IP of the WAN interface is in a blacklist.

The question is, can we do something to prevent this without have to change the public IP????

3 REPLIES

Re: Prevent spam before router

With existing device/resources, the answer is no. Even if you keep changing the IP Address, the user will keep sending SPAM mail (intentional/unintentional).

You should take a look at Cisco IronPort http://www.ironport.com/

New Member

Re: Prevent spam before router

its possible to stop the spam mails by applying access-list which will allow the smtp port for only their mail server and deny the remaining.

where is your mail server located.

New Member

Re: Prevent spam before router

I agree. I'd block all outbound smtp except from specifically permitted IP addresses. Of course this means you'll need static addressing on the NAT side and need to apply the ACL to the "inside" interface.

-Chris

132
Views
0
Helpful
3
Replies