Access list blocking out bound mail...

I am trying to setup an ACL that will allow e-mail (Exchange 5.5) out usually port 25 but when this ACL is applied we still can receive mail but out going mail is blocked.  I have applied the config to the serial port as soon as the config is applied to the serial port no mail flows.  I am missing a couple of ports can anyone shed some light on what I am doing wrong?

Ip access-group 101 out
Ip access-group 101 in

Extended IP access list 101
    permit icmp any any echo
    permit icmp any any echo-reply
    permit icmp any any source-quench
    permit icmp any any packet-too-big
    permit icmp any any time-exceeded
    permit icmp any any unreachable
    permit tcp any any eq ftp-data
    permit tcp any any eq ftp
    permit tcp any any eq telnet
    permit tcp any any eq domain
    permit udp any any eq domain
    permit tcp any any eq www
    permit tcp any any eq 443
    permit tcp any any eq pop3
    permit tcp any any eq 143
    permit tcp any any eq 366
    permit tcp any any eq 389
    permit tcp any any eq 465
    permit tcp any any eq 636
    permit tcp any any eq 993
    permit tcp any any eq 995
    permit tcp any any eq 3389
    permit tcp any any eq 4899
    permit tcp any any eq 5222
    permit tcp any any eq 5223
    permit tcp any any eq smtp
    permit udp any any eq 25
JaysonJacksonAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
mikebernhardtConnect With a Mentor Commented:
Either that or add

permit tcp any any established

I'm assuming from your current list that security isn't an issue...
0
 
mikebernhardtCommented:
mail (SMTP) is TCP port 25, not udp.
0
 
mikebernhardtCommented:
Oops, you have that. Actually, here's the problem. You have to add something like this:
permit tcp any eq smtp any gt 1023

You aren't allowing return traffic from source port 25, which will want to talk to the high-numbered port that originated the session to port 25.
0
All Courses

From novice to tech pro — start learning today.