I have a network that is blacklisted. I need to stop all traffic on port 25 from leaving the ASA except from one IP address (my security mail appliance).
I'm learning (but still weak) on ASA CLI.
Here's code I've found on the web:
access-list inbound_on_inside permit tcp any host 184.108.40.206 eq smtp
access-list inbound_on_inside deny tcp any any eq smtp
access-list inbound_on_inside permit ip any any
access-group inbound_on_inside in interface inside
I'm assuming the 220.127.116.11 will be my appliance IP and that this is ALL I need to do to stop SMTP traffic from any machine/device inside the lan from leaving the ASA except the IP I have inserted in the 18.104.22.168 location. If not, please advise.
Also, I would like to monitor any SMTP traffic hitting the ASA, now being blocked, to find the rogue station(s). All my anti-virus scans are showing the machines to be healthy and clean.
Thank you for any thoughts/help/constructive statements