Cisco 857W block outgoing smtp from all but mail server

Asked by gamutgroup (Australia)
Topics: Routers, Software Firewalls
14 Comments, 1 Solution, 1293 Views
I've had a look at the solution described in https://www.experts-exchange.com/Security/Software_Firewalls/Q_22083224.html, and it's *almost* working but not quite. We have a similar situation in that some user has managed to infect at least one PC with a spambot. Worst of all, it doesn't appear to have been found yet, so it's still spamming away. We want to both block current attempts, and provide a framework to stop it happening in future.

I've implemented the following access list, but it's currently blocking all outgoing SMTP, regardless of the source.  The lines I'm putting in are as follows:

access-list 100 permit tcp 192.168.200.200 0.0.0.0 any eq smtp
access-list 100 deny tcp any any eq smtp
access-list 100 permit ip any any
int dialer 0
ip access-group 100 out

However, after implementing this, looking at the show access-list shows all outgoing is blocked, and attempts to use SMTP out are blocked. I am a Cisco novice (the router was put in place by a 3rd party tech who has said he doesn't know how to do this). Can anyone help me with what I am missing?

The result from a show access-list is as follows:
Extended IP access list 100
    10 permit tcp host 192.168.200.200 any eq smtp
    20 deny tcp any any eq smtp (21 matches)
    30 permit ip any any (69 matches)
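
Added example, not part of the original post or of the hidden answer: a Python model of first-match ACL evaluation with hit counters, showing why entry 10 stays at zero matches when the list is applied outbound on an interface that also performs NAT, since IOS translates the inside source before it checks an outbound ACL. It assumes the router does NAT overload on dialer 0 (the post does not say so); the public address, the workstation address and the sample packets are constructed.

```python
from ipaddress import ip_address, ip_network

# Access list 100 from the post: (action, protocol, source, destination port)
ACL_100 = [
    ("permit", "tcp", ip_network("192.168.200.200/32"), 25),
    ("deny", "tcp", ip_network("0.0.0.0/0"), 25),
    ("permit", "ip", ip_network("0.0.0.0/0"), None),
]

# Assumption: dialer 0 is the NAT outside interface; constructed public address.
NAT_OUTSIDE = ip_address("203.0.113.10")

# Constructed sample traffic: (protocol, inside source, destination port)
PACKETS = [
    ("tcp", "192.168.200.200", 25),  # mail server sending SMTP
    ("tcp", "192.168.200.57", 25),   # workstation sending SMTP directly
    ("tcp", "192.168.200.57", 80),   # workstation web traffic
    ("udp", "192.168.200.200", 53),  # mail server DNS lookup
]


def evaluate(acl, hits, proto, src, dport):
    """Return the action of the first matching entry and count the hit."""
    for i, (action, a_proto, a_src, a_port) in enumerate(acl):
        if a_proto not in ("ip", proto):
            continue  # "ip" matches every protocol, "tcp" only TCP
        if src not in a_src:
            continue
        if a_port is not None and a_port != dport:
            continue
        hits[i] += 1
        return action
    return "deny"  # implicit deny at the end of every access list


def run(packets, placement):
    """'wan-out': ACL sees the translated source; 'lan-in': the original one."""
    hits = [0] * len(ACL_100)
    verdicts = []
    for proto, src, dport in packets:
        seen = NAT_OUTSIDE if placement == "wan-out" else ip_address(src)
        verdicts.append(evaluate(ACL_100, hits, proto, seen, dport))
    return verdicts, hits


if __name__ == "__main__":
    for placement in ("wan-out", "lan-in"):
        print(placement, *run(PACKETS, placement))
```

With the list evaluated after translation, every SMTP packet falls through to the deny entry, which matches the counters in the show access-list output above; evaluated against the untranslated source, only the mail server's SMTP is permitted.
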
ASKER CERTIFIED SOLUTION
memo_tnt (Palestine, State of)