    Hello to all from a first-time poster!

    I would like the forum's opinion as to the way I am handling a problem on our network. Please excuse my lack of experience, as I am in no way a PIX (or Cisco, for that matter) expert, and I recently lost the person who implemented the original config, so for now I'm the best they have. Scary!!

    Anyway, we were recently blacklisted due to spam activity on one of our public addresses. Our corporate mail is on an Exchange 2003 server on the Inside, which then forwards to a Linux mail server in the DMZ, which has a dedicated public IP (not the blacklisted one), so I'm pretty sure it's not an issue with the Exchange server, and I'm thinking I may have a spambot or some such creature on a workstation.

    I have tried to track the offending device down without success, so my approach now is to block all SMTP traffic from the Inside to the Outside, which is the interface of the offending IP.

    I implemented an ACL as follows:

    access-list Block_25 deny tcp interface Inside interface Outside eq SMTP
    access-list Block_25 permit ip any any

    access-group Block_25 in interface Inside

    My question to the forum is: a) is my approach of blocking the SMTP traffic to stop the spam source valid, and b) will the ACL above do what I would like it to do?

    Many thanks
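
For the tracking problem described in the post, an added example (not part of the original post): when an ACL applied with `access-group` drops a packet, the PIX logs it as syslog message 106023, so tallying those drops for destination port 25 by source address points at the workstation doing the sending. The log lines are constructed samples, and the function name and the assumption that PIX syslog is collected as text are this example's own.

```python
import re
from collections import Counter

# PIX syslog 106023 = packet denied by an access-group.
DENY_RE = re.compile(
    r'%PIX-4-106023: Deny tcp src (?P<sif>[^:\s]+):(?P<sip>[\d.]+)/(?P<sport>\d+) '
    r'dst (?P<dif>[^:\s]+):(?P<dip>[\d.]+)/(?P<dport>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)

# Constructed sample lines (RFC 1918 / RFC 5737 addresses), not real traffic.
SAMPLE_LOG = """\
Mar 03 09:14:01 pix %PIX-4-106023: Deny tcp src Inside:10.1.1.57/3312 dst Outside:198.51.100.20/25 by access-group "Block_25"
Mar 03 09:14:02 pix %PIX-4-106023: Deny tcp src Inside:10.1.1.57/3313 dst Outside:203.0.113.8/25 by access-group "Block_25"
Mar 03 09:14:02 pix %PIX-6-302013: Built outbound TCP connection 4411 for Outside:203.0.113.50/80 (203.0.113.50/80) to Inside:10.1.1.23/2201 (192.0.2.1/2201)
Mar 03 09:14:04 pix %PIX-4-106023: Deny tcp src Inside:10.1.1.57/3314 dst Outside:203.0.113.77/25 by access-group "Block_25"
Mar 03 09:15:10 pix %PIX-4-106023: Deny tcp src Inside:10.1.1.23/2250 dst Outside:198.51.100.20/25 by access-group "Block_25"
Mar 03 09:15:30 pix %PIX-4-106023: Deny tcp src DMZ:172.16.1.5/4000 dst Outside:198.51.100.9/25 by access-group "dmz_in"
"""

def smtp_denies(lines, acl="Block_25", src_if="Inside"):
    """Return [(source_ip, denied_attempts, distinct_destinations)], busiest first."""
    hits = Counter()
    dests = {}
    for line in lines:
        m = DENY_RE.search(line)
        if not m:
            continue  # not an ACL deny record
        if m["acl"] != acl or m["sif"].lower() != src_if.lower():
            continue  # dropped by a different ACL or interface
        if m["dport"] != "25":
            continue  # only SMTP is of interest here
        hits[m["sip"]] += 1
        dests.setdefault(m["sip"], set()).add(m["dip"])
    return [(ip, n, len(dests[ip])) for ip, n in hits.most_common()]

if __name__ == "__main__":
    for ip, attempts, distinct in smtp_denies(SAMPLE_LOG.splitlines()):
        print(f"{ip}: {attempts} denied SMTP attempts to {distinct} distinct servers")
```

A host that tries many different external mail servers in a short window is the likely spambot; a single destination more often means a mail client configured with an outside SMTP server.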
