Please help me read this command/need to secure SMTP 1

[newyorkny]

Friends:

What does this mean in plain english?:

access-list outside_inbound line 58 permit tcp any host xxx.xxx.xxx.xxx eq smtp

Does it mean ALLOW * TO SMTP (i.e. "allow any host to touch port 25?")

Is there any reason to allow INBOUND traffic to touch 25? My server runs an internal program that sends email out from that SMTP service and it is the ONLY use of SMTP we make.

In other words, I don't see why INBOUND traffic needs to be allowed to the SMTP port, and am I correct in thinking the above command permits it?

I think I should allow only outgoing SMTP. What might the command line for that be, please?

Thank you, thank you for your kind assistance. NY

 

[lgarner]

You are correct. You don't need a line to allow outbound TCP connections unless you're somehow blocking it. The default is to allow everything out, and replies to come back in.

That said, if you do need an acl to permit outbound SMTP it would be (your acl name may vary):

access-list inside_outbound permit tcp host <server_ip> any eq smtp

The <server_ip> is the private address, not the public one. Still, this is only needed if you have an acl applied to the inside interface which is blocking outbound traffic.

 

[agrigorof]

If you are using private IPs for the internal servers, that command by itself is not enough to allow inbound SMTP traffic. A "static" command is required as well to map the public IP to the private one. In order to tell what goes through and what doesn't we would need the entire configuration.
You can analyze your config with FireGen for Pix:

http://www.eventid.net/firegen/firegenpix2.asp

Regards,

Adrian