How do I turn off port 25 on a Cisco ASA 5510?

We are having an issue at my current job.  Our ISP has reported to us that we have been reported as a Spamming site.  We have had this issue in the past and the way we found out which machine was spamming was by turning off port 25.  The person that turned the port off used software he had in order to do it and of course he took the software with him when he left.  I need to know the commands to turn off port 25 and turn it back on again.  Please help.
RelindaAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ricks_vCommented:
since there is no detailed config, you can simply telnet / console to device and use the command :

TO BLOCK EMAIL
#access-list inside_access_in deny tcp any any eq 25
#access-group inside_access_in in interface inside

UNBLOCK
#no access-list inside_access_in deny tcp any any eq 25

hope this helps

martapCommented:
Please be careful following ricks_v recommendation as it will block all incoming traffic if your current access list is not named inside_access_in. And if it is it just won't work because there probably will be an allowed statement before his deny.

Best is to post your current config so we can provide you with the correct commands.
rsivanandanCommented:
Couple of questions first;

1. Do you have an internal mail server? If so what you need to do is to allow smtp traffic only from its ip address and block all others.

access-list <Name> permit tcp <MailServerIP> any eq 25
access-list <Name> deny tcp any any eq 25
access-list <Name> permit ip any any => This statement allows everything else to go through


access-group <Name> in interface inside

The above should take care of everything else. Now if you already have an access-list assigned, post your config.

Cheers,
Rajesh

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
lxtateCommented:
I need some help in allowing a computer from my DMZ to see my live network and also to opening port 25 on my ASA 5510 for SMTP traffic.

I have a DMZ 128.x.x.x and my live Network is 192.x.x.x the way this is configured is Live Network is able to see all machines in DMZ but DMZ cant see machines in Live.

Can someone help please this is urgent
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.