Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 453
  • Last Modified:

prevent all outbound port 25 traffic on all but one IP

I have a network that is blacklisted. I need to stop all traffic on port 25 from leaving the ASA except from one IP address (my security mail appliance).  
I'm learning (but still weak) on ASA CLI.
Here's code I've found on the web:

access-list inbound_on_inside permit tcp any host 1.1.1.1 eq smtp
access-list inbound_on_inside deny tcp any any eq smtp
access-list inbound_on_inside permit ip any any
access-group inbound_on_inside in interface inside

I'm assuming the 1.1.1.1 will be my appliance IP and that this is ALL I need to do to stop SMTP traffic from any machine/device inside the lan from leaving the ASA except the IP I have inserted in the 1.1.1.1 location.  If not, please advise.

Also, I would like to monitor any SMTP traffic hitting the ASA, now being blocked, to find the rogue station(s).  All my anti-virus scans are showing the machines to be healthy and clean.  

Thank you for any thoughts/help/constructive statements

daver
0
David Bird
Asked:
David Bird
1 Solution
 
Ernie BeekCommented:
Assuming you're host is on the inside (doh), the line:
access-list inbound_on_inside permit tcp any host 1.1.1.1 eq smtp
should be:
access-list inbound_on_inside permit tcp host 1.1.1.1 any eq smtp

For logging the hits, use:
access-list inbound_on_inside deny tcp any any eq smtp log
0

Featured Post

Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now