  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 771

How do I turn off port 25 on a Cisco ASA 5510?

We are having an issue at my current job.  Our ISP has reported to us that we have been reported as a Spamming site.  We have had this issue in the past and the way we found out which machine was spamming was by turning off port 25.  The person that turned the port off used software he had in order to do it and of course he took the software with him when he left.  I need to know the commands to turn off port 25 and turn it back on again.  Please help.
0
Asked: Relinda
3 Solutions
 
ricks_v Commented:
Since there is no detailed config, you can simply telnet / console to the device and use the commands:

TO BLOCK EMAIL
#access-list inside_access_in deny tcp any any eq 25
#access-group inside_access_in in interface inside

UNBLOCK
#no access-list inside_access_in deny tcp any any eq 25

Hope this helps.

0
 
martap Commented:
Please be careful following ricks_v's recommendation, as it will block all incoming traffic if your current access list is not named inside_access_in. And if it is, it just won't work, because there probably will be an allow statement before his deny.

Best is to post your current config so we can provide you with the correct commands.
0
 
rsivanandan Commented:
A couple of questions first:

1. Do you have an internal mail server? If so, what you need to do is allow SMTP traffic only from its IP address and block all others.

access-list <Name> permit tcp host <MailServerIP> any eq 25
access-list <Name> deny tcp any any eq 25
! The next statement allows everything else to go through
access-list <Name> permit ip any any


access-group <Name> in interface inside

The above should take care of everything else. Now if you already have an access-list assigned, post your config.

Cheers,
Rajesh
0
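The ordering point raised by martap and the permit/deny/permit layout in rsivanandan's answer can be checked offline before touching the firewall. The following is an added example, not code from any of the posts: it models only first-match evaluation of simplified ACL lines (`any`, `host`, address plus netmask, optional `eq` port), and the addresses and the `SMTP_OUT` name are constructed.

```python
import ipaddress

def parse_ace(line):
    """Parse one simplified ACE: access-list NAME [extended] ACTION PROTO SRC DST [eq PORT]."""
    tok = [t for t in line.split() if t != "extended"]
    action, proto, rest = tok[2], tok[3], tok[4:]

    def take_addr(t):
        if t[0] == "any":
            return ipaddress.ip_network("0.0.0.0/0"), t[1:]
        if t[0] == "host":
            return ipaddress.ip_network(t[1] + "/32"), t[2:]
        return ipaddress.ip_network(f"{t[0]}/{t[1]}"), t[2:]  # address + netmask

    src, rest = take_addr(rest)
    dst, rest = take_addr(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return action, proto, src, dst, port

def evaluate(acl_text, src, dst, dport, proto="tcp"):
    """Return (action, matching line) for a flow; the first matching line wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl_text.strip().splitlines():
        action, p, snet, dnet, port = parse_ace(line)
        if p in ("ip", proto) and s in snet and d in dnet and port in (None, dport):
            return action, line.strip()
    return "deny", "implicit deny at end of ACL"

# Constructed sample addresses: mail server, a workstation, a remote SMTP host.
MAIL, PC, REMOTE = "192.168.1.10", "192.168.1.45", "203.0.113.25"

# Deny appended after an existing permit: the deny line is never reached.
APPENDED = """
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended deny tcp any any eq 25
"""
# A new ACL holding only the deny: everything else hits the implicit deny.
DENY_ONLY = "access-list inside_access_in deny tcp any any eq 25"
# Mail server permitted first, other SMTP denied, remaining traffic permitted.
ORDERED = f"""
access-list SMTP_OUT extended permit tcp host {MAIL} any eq 25
access-list SMTP_OUT extended deny tcp any any eq 25
access-list SMTP_OUT extended permit ip any any
"""

def verdict(acl, src, dport):
    return evaluate(acl, src, REMOTE, dport)[0]

if __name__ == "__main__":
    for name, acl in (("appended", APPENDED), ("deny-only", DENY_ONLY), ("ordered", ORDERED)):
        print(name, {f"{h}:{p}": verdict(acl, h, p) for h in (MAIL, PC) for p in (25, 443)})
```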
 
lxtate Commented:
I need some help in allowing a computer from my DMZ to see my live network and also with opening port 25 on my ASA 5510 for SMTP traffic.

I have a DMZ 128.x.x.x and my live network is 192.x.x.x. The way this is configured, the live network is able to see all machines in the DMZ, but the DMZ can't see machines in the live network.

Can someone help, please? This is urgent.
0
