Solved

Access list blocking out bound mail...

Posted on 2004-04-23
3
298 Views
Last Modified: 2010-04-17
I am trying to setup an ACL that will allow e-mail (Exchange 5.5) out usually port 25 but when this ACL is applied we still can receive mail but out going mail is blocked.  I have applied the config to the serial port as soon as the config is applied to the serial port no mail flows.  I am missing a couple of ports can anyone shed some light on what I am doing wrong?

Ip access-group 101 out
Ip access-group 101 in

Extended IP access list 101
    permit icmp any any echo
    permit icmp any any echo-reply
    permit icmp any any source-quench
    permit icmp any any packet-too-big
    permit icmp any any time-exceeded
    permit icmp any any unreachable
    permit tcp any any eq ftp-data
    permit tcp any any eq ftp
    permit tcp any any eq telnet
    permit tcp any any eq domain
    permit udp any any eq domain
    permit tcp any any eq www
    permit tcp any any eq 443
    permit tcp any any eq pop3
    permit tcp any any eq 143
    permit tcp any any eq 366
    permit tcp any any eq 389
    permit tcp any any eq 465
    permit tcp any any eq 636
    permit tcp any any eq 993
    permit tcp any any eq 995
    permit tcp any any eq 3389
    permit tcp any any eq 4899
    permit tcp any any eq 5222
    permit tcp any any eq 5223
    permit tcp any any eq smtp
    permit udp any any eq 25
0
Comment
Question by:JaysonJackson
  • 3
3 Comments
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 10904182
mail (SMTP) is TCP port 25, not udp.
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 10904233
Oops, you have that. Actually, here's the problem. You have to add something like this:
permit tcp any eq smtp any gt 1023

You aren't allowing return traffic from source port 25, which will want to talk to the high-numbered port that originated the session to port 25.
0
 
LVL 28

Accepted Solution

by:
mikebernhardt earned 500 total points
ID: 10904256
Either that or add

permit tcp any any established

I'm assuming from your current list that security isn't an issue...
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now