BLOCK SMTP

Status
Not open for further replies.

71234

Programmer
Oct 24, 2003
10
US
I need to block SMTP for one of my systems, so that the system can't be used for incoming or outgoing mailing. What is the command I should use on the PIX 501 to block that?
 

deny tcp host 192.168.x.x any eq smtp

Ta

AJ

===

Fatman Superstar (Andrew James)

CCNA,
(CCNA Cisco Academy Instructor Trained)
 
I tried using your command deny tcp host 192.168.x.x any eq smtp.
Still, the messages which I send from my application get through and I can receive them in my inbox.
I tried deny tcp host 216.181.x.x any eq smtp. Still the same result.
How can I ensure that mail I send from this application is blocked at the firewall?
Should I do anything with the command fixup protocol smtp 25?
I'd appreciate quick help on this.
 
First of all, incoming email is not an issue if you have not permitted it. For outgoing, you will need a bit more than that one line in your ACL.

access-list xxx deny tcp host 192.168.x.x any eq smtp
access-list xxx permit ip <local ip net> <local mask> any

access-group xxx in interface inside

That acl will block smtp out for the address you specify and permit all other ip traffic from the entire local network.

Jan




Network Systems Engineer
CCNA/CQS
 
I added the command access-list xxx deny tcp host 192.168.x.x any eq smtp.
I already have a line access-list 101 permit ip any host 216.181.x.x
and also access-group 101 in interface outside

With all this, when I send an email from my application, whose IP is 192.168.x.x which is mapped to 216.181.x.x, it still sends and I can receive it in the mailbox.

Any light on this is highly appreciated, since I have to do this by evening.

Thanks
Mathew
 
Eem, the xxx part was just to illustrate that it could be called anything. You can't restrict outgoing traffic by putting an ACL on the outside interface in the incoming direction. That ACL needs to be put on the inside interface.

Also, I hope this is not true: access-list 101 permit ip any host 216.181.x.x, which would let anyone access that address on any kind of IP prot/port. Not good!

Jan

Network Systems Engineer
CCNA/CQS/CCSP
 
Appreciate your quick response. I am a newbie to firewalls. How do I put the ACL on the inside interface?
 
Just like it says in my first post:

access-group xxx in interface inside

Where xxx is the name of the acl you wish to use for outgoing traffic from your inside (not the one you use for incoming traffic on the outside intf.)

Jan

Network Systems Engineer
CCNA/CQS/CCSP
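
Added example, not part of any post in the thread: a small Python check of the first-match ACL logic Jan describes, showing that the deny line has no effect until its ACL is bound to the inside interface. The addresses are constructed placeholders (the thread masks the real ones), and the parser handles only the access-list and access-group forms quoted above.

```python
import ipaddress

# Constructed configs; addresses are placeholders, not values from the thread.
BROKEN = """access-list xxx deny tcp host 192.168.1.50 any eq smtp
access-list 101 permit ip any host 203.0.113.10
access-group 101 in interface outside"""
FIXED = """access-list xxx deny tcp host 192.168.1.50 any eq smtp
access-list xxx permit ip 192.168.1.0 255.255.255.0 any
access-group xxx in interface inside"""

PORTS = {"smtp": 25, "www": 80}  # only the port names this example needs

def parse_addr(tok):
    """Consume 'any', 'host A' or 'NET MASK'; return (network, remaining tokens)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse(config):
    """Return ({acl_name: [entries in order]}, {interface: acl_name})."""
    acls, bindings = {}, {}
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"]:
            src, rest = parse_addr(t[4:])
            dst, rest = parse_addr(rest)
            port = int(PORTS.get(rest[1], rest[1])) if rest[:1] == ["eq"] else None
            acls.setdefault(t[1], []).append((t[2], t[3], src, dst, port))
        elif t[:1] == ["access-group"]:  # access-group <acl> in interface <name>
            bindings[t[4]] = t[1]
    return acls, bindings

def verdict(config, interface, proto, src, dst, dport):
    """Evaluate a packet entering `interface`: first match wins, then implicit deny."""
    acls, bindings = parse(config)
    if interface not in bindings:
        return "no-acl"  # no ACL bound here, so the deny line is never consulted
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, p, s, d, port in acls.get(bindings[interface], []):
        if p in ("ip", proto) and src in s and dst in d and port in (None, dport):
            return action
    return "deny"

if __name__ == "__main__":
    flow = ("inside", "tcp", "192.168.1.50", "198.51.100.25", 25)
    print("ACL only on outside:", verdict(BROKEN, *flow))
    print("ACL bound to inside:", verdict(FIXED, *flow))
```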
 