How do I block outgoing SMTP traffic from all devices except my Exchange Server?
Posted on 2008-10-13
We are working on reconfiguring our 1841 to block SMTP traffic from all devices inside our network except our Exchange server (we were recently blacklisted due to a spambot). I know the basics, but when I initially applied an ACL to try to only permit outbound SMTP traffic from my Exchange server, I blocked RWW and OWA as well, so I am hoping someone can help me properly implement that.
Additionally, when the router was initially configured, we didn't have extra outside IP addresses, so we used NAT to direct outside traffic to different devices inside by ports. This has worked well, but we now have a block of 16 addresses available to us. I am wondering if there would be any advantage at this point in reconfiguring to make use of the additional outside IPs, or should I just stay with NATing the one address to the different machines.
Here are the interface configurations:
description -----> Access to MEPs Associates, LLC LAN
ip address 192.168.5.1 255.255.255.0
ip nat inside
no ip address
description -----> Connection to CWCI-EAU-GW S3/0/0/3:0
ip address 184.108.40.206 255.255.255.252
ip nat outside
service-module t1 timeslots 1-24
Here are the NAT statements in our current configuration... 192.168.5.100 is the SBS (Exchange) server; 192.168.5.6 is our spam filter:
ip nat inside source list 1 interface Serial0/0/0 overload
ip nat inside source static tcp 192.168.5.100 21 220.127.116.11 21 extendable
ip nat inside source static tcp 192.168.5.6 25 18.104.22.168 25 extendable
ip nat inside source static tcp 192.168.5.100 80 22.214.171.124 80 extendable
ip nat inside source static tcp 192.168.5.100 110 126.96.36.199 110 extendable
ip nat inside source static tcp 192.168.5.100 443 188.8.131.52 443 extendable
ip nat inside source static tcp 192.168.5.100 3389 184.108.40.206 3389 extendable
ip nat inside source static tcp 192.168.5.100 4125 220.127.116.11 4125 extendable
There are two access lists, but I can't tell where they are being applied. The IP addresses in ACL 23 all belong to the ISP... not sure what they are there for, and I can't find anyone here that knows, either.
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 23 permit 18.104.22.168
access-list 23 permit 22.214.171.124 0.0.0.3
access-list 23 permit 126.96.36.199 0.0.0.3
I originally tried to permit outgoing SMTP traffic from my SBS server and block it from everywhere else by adding the following ACL and applying it to FastEthernet 0/1:
access-list 102 permit tcp 192.168.5.100 0.0.0.0 any eq smtp
access-list 102 deny tcp any any eq smtp
access-list 102 permit ip any any
ip access-group 102 in
I am a router newbie, so my commands might be out of whack, or I may be totally off base with the attempt. Regardless, when I applied this ACL, I dropped our RWW and OWA connections to the inside. At this point, I thought I should ask someone for help.
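Added example, not part of the original post: a small Python model of how the three entries of ACL 102 above are evaluated top-down (first match wins, implicit deny at the end) for packets entering the inside interface. The sample packets, the workstation address 192.168.5.50 and the outside host 203.0.113.10 are constructed assumptions; NAT and the rest of the router configuration are not modelled.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str               # "permit" or "deny"
    proto: str                # "tcp", or "ip" which matches any protocol
    src: str                  # source network in CIDR form
    dst_port: Optional[int]   # destination port for "eq"; None means any

class Packet(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str                  # unused: every posted entry has destination "any"
    dport: int

# ACL 102 as posted ("192.168.5.100 0.0.0.0" is the single host 192.168.5.100).
ACL_102 = [
    Rule("permit", "tcp", "192.168.5.100/32", 25),
    Rule("deny", "tcp", "0.0.0.0/0", 25),
    Rule("permit", "ip", "0.0.0.0/0", None),
]

def evaluate(acl, pkt):
    """Return (action, entry number); entry 0 is the implicit deny."""
    for n, r in enumerate(acl, start=1):
        if r.proto != "ip" and r.proto != pkt.proto:
            continue
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(r.src):
            continue
        if r.dst_port is not None and r.dst_port != pkt.dport:
            continue          # "eq smtp" here tests the destination port only
        return r.action, n
    return "deny", 0

OUTSIDE = "203.0.113.10"      # constructed documentation address
SAMPLES = {                   # constructed packets arriving on the inside interface
    "exchange_smtp_out": Packet("tcp", "192.168.5.100", 40000, OUTSIDE, 25),
    "workstation_smtp_out": Packet("tcp", "192.168.5.50", 40001, OUTSIDE, 25),
    "spamfilter_smtp_out": Packet("tcp", "192.168.5.6", 40002, OUTSIDE, 25),
    "spamfilter_smtp_reply": Packet("tcp", "192.168.5.6", 25, OUTSIDE, 40003),
    "exchange_https_reply": Packet("tcp", "192.168.5.100", 443, OUTSIDE, 40004),
}

def verdicts(acl):
    return {name: evaluate(acl, p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, v in verdicts(ACL_102).items():
        print(f"{name:24s} {v}")
```

Passing `ACL_102[:2]` to `evaluate` shows the effect of the implicit deny when the final `permit ip any any` entry is absent.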