lukeca

Block outbound port 25 on Cisco PIX 501 to all devices except mail server

Hi Experts,

Our company has a Cisco PIX 501. My knowledge of Cisco is limited. What we are trying to do is block outbound port 25 on our network except for our one mail server. We want to do this to prevent PCs that may be infected with viruses from sending out spam. This way we know the only PC on our network sending out mail is our mail server. We would like all other outbound access to remain unaffected. Is there any way to accomplish this? On the Linksys router we do a deny all SMTP, then an allow for the mail server with a higher priority than the deny. Is there any way to accomplish this? Thanks for the help.
Jan Bacher

This is very easily accomplished with ACLs on the PIX.

If I can presume that other than port 25 traffic is allowed:

access-list acl_outbound permit tcp any host ip.of.smtp.server eq 25
access-list acl_outbound deny tcp any any eq 25
access-list acl_outbound permit ip any any

access-group acl_outbound in interface inside
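To see how first-match evaluation treats this ACL, here is a small evaluator, added as an illustration and not part of the thread or of Cisco's software. All IP addresses are constructed, and the source-based variant (`permit tcp host <mail server> any eq 25`) is an assumption for the case where the mail server sits on the inside interface.

```python
import ipaddress

# Constructed addresses (RFC 1918 / RFC 5737 documentation ranges), not from the thread.
MAIL, PC = "192.168.1.10", "192.168.1.50"          # inside mail server, inside workstation
RELAY, REMOTE_MX = "198.51.100.5", "203.0.113.25"  # outside relay, arbitrary outside MX

# The ACL as posted, with the placeholder filled in: the exception matches on destination.
ACL_DST = [
    f"access-list acl_outbound permit tcp any host {RELAY} eq 25",
    "access-list acl_outbound deny tcp any any eq 25",
    "access-list acl_outbound permit ip any any",
]
# Assumed variant for a mail server on the inside: the exception matches on source.
ACL_SRC = [f"access-list acl_outbound permit tcp host {MAIL} any eq 25"] + ACL_DST[1:]

def parse_rule(line):
    """Parse 'access-list NAME permit|deny PROTO SRC DST [eq PORT]' (small subset)."""
    action, proto, *rest = line.split()[2:]   # skip 'access-list' and the ACL name
    def take_addr(tokens):
        if tokens[0] == "any":
            return None, tokens[1:]
        if tokens[0] == "host":
            return ipaddress.ip_address(tokens[1]), tokens[2:]
        raise ValueError(f"unsupported address spec: {tokens[0]}")
    src, rest = take_addr(rest)
    dst, rest = take_addr(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return action, proto, src, dst, port

def evaluate(acl, src, dst, dport, proto="tcp"):
    """Return the action of the first matching line; no match means implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl:
        action, r_proto, r_src, r_dst, r_port = parse_rule(line)
        if (r_proto in ("ip", proto) and r_src in (None, src)
                and r_dst in (None, dst) and r_port in (None, dport)):
            return action
    return "deny"

if __name__ == "__main__":
    flows = [(MAIL, REMOTE_MX, 25), (PC, REMOTE_MX, 25), (PC, RELAY, 25), (PC, REMOTE_MX, 443)]
    for name, acl in (("destination-based", ACL_DST), ("source-based", ACL_SRC)):
        for src, dst, port in flows:
            print(f"{name:18} {src} -> {dst}:{port:<4} {evaluate(acl, src, dst, port)}")
```

Swapping the first two lines of either list makes the deny match first, and dropping the final `permit ip any any` leaves every other outbound flow to the implicit deny.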
ASKER CERTIFIED SOLUTION
nodisco
This solution is only available to members.
nodisco has it right.

Cheers,
Rajesh
I agree.  I read it as the mail server was outside the firewall.
lukeca

ASKER

Thanks, worked like a charm.
Clean and to the point. Worked for me as well.
I tried it too and it worked, excellent job.