How do I turn off port 25 on a Cisco ASA 5510?

Posted on 2009-04-30
Last Modified: 2012-05-06
We are having an issue at my current job.  Our ISP has reported to us that we have been reported as a Spamming site.  We have had this issue in the past and the way we found out which machine was spamming was by turning off port 25.  The person that turned the port off used software he had in order to do it and of course he took the software with him when he left.  I need to know the commands to turn off port 25 and turn it back on again.  Please help.
Question by: Relinda
    LVL 6

    Assisted Solution

    Since there is no detailed config, you can simply telnet / console to the device and use the commands:

    #access-list inside_access_in deny tcp any any eq 25
    #access-group inside_access_in in interface inside

    #no access-list inside_access_in deny tcp any any eq 25

    Hope this helps.

    LVL 5

    Assisted Solution

    Please be careful following ricks_v's recommendation, as it will block all incoming traffic if your current access list is not named inside_access_in. And if it is, it just won't work, because there probably will be an allowed statement before his deny.

    Best is to post your current config so we can provide you with the correct commands.
    LVL 32

    Accepted Solution

    Couple of questions first:

    1. Do you have an internal mail server? If so, what you need to do is to allow SMTP traffic only from its IP address and block all others.

    access-list <Name> permit tcp host <MailServerIP> any eq 25
    access-list <Name> deny tcp any any eq 25
    ! This statement allows everything else to go through
    access-list <Name> permit ip any any

    access-group <Name> in interface inside

    The above should take care of everything else. Now if you already have an access-list assigned, post your config.
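The ordering points raised in the answers above (a single deny entry, a deny placed after an existing permit, and the permit/deny/permit sequence) can be checked offline with a small first-match model. This is an added example, not part of the original thread and not ASA software; the addresses and flows are constructed, and the model covers only protocol, source host and destination port.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
MAIL = "192.168.1.10"  # constructed address standing in for <MailServerIP>

def ace(action, proto, src, dport=None):
    """One access-list entry: src is 'any' or a host IP, dport None = any port."""
    net = ANY if src == "any" else ip_network(src + "/32")
    return (action, proto, net, dport)

def evaluate(acl, proto, src, dport):
    """Return the action of the first matching entry; no match = implicit deny."""
    for action, a_proto, net, a_port in acl:
        if a_proto not in ("ip", proto):
            continue
        if ip_address(src) not in net:
            continue
        if a_port is not None and a_port != dport:
            continue
        return action
    return "deny"

def blocked_smtp_sources(acl, flows):
    """Count inside hosts whose TCP/25 connections this ACL would drop."""
    return Counter(src for proto, src, dport in flows
                   if dport == 25 and evaluate(acl, proto, src, dport) == "deny")

# Permit the mail server, deny all other SMTP, permit everything else.
ACCEPTED = [ace("permit", "tcp", MAIL, 25),
            ace("deny", "tcp", "any", 25),
            ace("permit", "ip", "any")]
# A deny added after an existing permit-all entry is never reached.
APPENDED_DENY = [ace("permit", "ip", "any"), ace("deny", "tcp", "any", 25)]
# A new list holding only the deny drops all other traffic via the implicit deny.
LONE_DENY = [ace("deny", "tcp", "any", 25)]

# Constructed outbound flows seen on the inside interface: (proto, source, dest port)
FLOWS = [("tcp", MAIL, 25), ("tcp", "192.168.1.57", 25), ("tcp", "192.168.1.57", 25),
         ("tcp", "192.168.1.57", 25), ("tcp", "192.168.1.23", 443),
         ("udp", "192.168.1.23", 53)]

if __name__ == "__main__":
    for name, acl in (("accepted", ACCEPTED), ("appended deny", APPENDED_DENY)):
        print(name, dict(blocked_smtp_sources(acl, FLOWS)))
    print("lone deny, tcp/443:", evaluate(LONE_DENY, "tcp", "192.168.1.23", 443))
```

With the permit/deny/permit ordering, only the non-mail host sending to port 25 is counted, which is the machine to investigate.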


    Expert Comment

    I need some help in allowing a computer from my DMZ to see my live network and also with opening port 25 on my ASA 5510 for SMTP traffic.

    I have a DMZ 128.x.x.x and my live network is 192.x.x.x. The way this is configured, the live network is able to see all machines in the DMZ, but the DMZ can't see machines in live.

    Can someone help, please? This is urgent.
