Restricting smtp traffic to specific IP address ranges PIX 506e
Posted on 2011-03-22
We used to have our spam filter on the inside network; now we have outsourced to an outside spam filtering company. Our current setting is to allow all smtp (port 25) traffic through our firewall to our Exchange 2003 server.
I want to restrict all smtp traffic through the PIX 506 except from the following WAN IP address ranges:
126.96.36.199/23 (188.8.131.52 to 184.108.40.206) subnet 255.255.254.0
220.127.116.11/23 (18.104.22.168 to 22.214.171.124) subnet 255.255.254.0
126.96.36.199/24 (188.8.131.52 to 184.108.40.206) subnet 255.255.255.0
current Pix access list entry is:
access-list acl-out permit tcp any interface outside eq smtp
I'm just a bit rusty on adding the ranges.