I have been reading on this site some information about blocking outgoing smtp traffic apart from a mail server but just want to run the PIX501 config past you to make sure.
History is the PIX501 has been in operation for about 5 years but it seems now someone is sending out SPAM so while we isolate the particular PC we want to block all outgoing traffic on port 25 apart from the mail server.
The network layout is:
Exchange server 10.16.4.2
PIX Inside IP 10.16.2.1
PIX outside IP 22.214.171.124
ADSL Router 126.96.36.199
The parts of the config on the router I think are relevant are:
access-list 101 permit tcp any host 188.8.131.52 eq smtp
ip address outside 184.108.40.206 255.255.0.0
ip address inside 10.16.2.1 255.255.0.0
static (inside,outside) tcp interface smtp 10.16.4.2 smtp netmask 255.255.255.255 0 0
access-group 101 in interface outside
route outside 0.0.0.0 0.0.0.0 220.127.116.11 1
route inside 10.17.0.0 255.255.0.0 10.16.1.3 1
Where I am concerned is everything I read on this site about blocking has the access-group 101 on interface 'inside' - where I have it 'outside' - does this matter?
Do you need any more configuration information?