I've had a look at the solution described in https://www.experts-exchange.com/Security/Software_Firewalls/Q_22083224.html, and it's *almost* working but not quite. We have a similar situation in that some user has managed to infect at least one PC with a spambot. Worst of all, it doesn't appear to have been found yet, so it's still spamming away. We want to both block current attempts, and provide a framework to stop it happening in future.
I've implemented the following access list, but it's currently blocking all outgoing SMTP, regardless of the source. The lines I'm putting in are as follows:
access-list 100 permit tcp 192.168.200.200 0.0.0.0 any eq smtp
access-list 100 deny tcp any any eq smtp
access-list 100 permit ip any any
int dialer 0
ip access-group 100 out
However, after implementing this, looking at the show access-list shows all outgoing is blocked, and attempts to use SMTP out are blocked. I am a Cisco novice (the router was put in place by a 3rd party tech who has said he doesn't know how to do this). Can anyone help me with what I am missing?
The result from a show access-list is as follows:
Extended IP access list 100
10 permit tcp host 192.168.200.200 any eq smtp
20 deny tcp any any eq smtp (21 matches)
30 permit ip any any (69 matches)
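As an added illustration (not part of the original post, and not Cisco code), the Python sketch below replays access list 100 with first-match semantics and wildcard masks to show which source addresses can reach entry 10, the entry that has no match counter in the output above. The packets are constructed samples; the 203.0.113.10 source stands for a mail-server packet whose source was rewritten by NAT before the outbound ACL on the dialer saw it, which is an assumption because the post shows no NAT configuration.

```python
import ipaddress
from collections import Counter

# Entries of access list 100 as shown in the post:
# (sequence, action, protocol, source, wildcard, destination port or None)
ACL_100 = [
    (10, "permit", "tcp", "192.168.200.200", "0.0.0.0", 25),
    (20, "deny", "tcp", "0.0.0.0", "255.255.255.255", 25),
    (30, "permit", "ip", "0.0.0.0", "255.255.255.255", None),
]

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 are ignored, bits set to 0 must match."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, proto, src, dst_port):
    """Return (sequence, action) of the first matching entry, top to bottom."""
    for seq, action, e_proto, base, wc, port in acl:
        if e_proto != "ip" and e_proto != proto:
            continue
        if not wildcard_match(src, base, wc):
            continue
        if port is not None and port != dst_port:
            continue
        return seq, action
    return None, "deny"  # implicit deny at the end of every ACL

def hit_counts(acl, packets):
    """Count matches per sequence number, like the counters in 'show access-list'."""
    counts = Counter(evaluate(acl, *pkt)[0] for pkt in packets)
    return dict(counts)

# Constructed sample traffic: (protocol, source address as seen by the ACL, dst port)
PACKETS = [
    ("tcp", "192.168.200.200", 25),  # mail server, source untranslated
    ("tcp", "192.168.200.57", 25),   # hypothetical infected PC
    ("tcp", "203.0.113.10", 25),     # mail server after source NAT (assumed)
    ("tcp", "192.168.200.57", 80),   # ordinary web traffic
    ("udp", "192.168.200.200", 53),  # DNS lookup
]

if __name__ == "__main__":
    for pkt in PACKETS:
        print(pkt, "->", evaluate(ACL_100, *pkt))
    print(hit_counts(ACL_100, PACKETS))
```

Entry 10 only ever matches when the ACL sees the literal source 192.168.200.200; any other source address on an SMTP packet falls through to the deny in entry 20.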