Blacklisting issues, ACL help please (Cisco Router, Exchange 2010)
Posted on 2013-10-30
Having a few issues with email bouncing due to our external IP constantly being blacklisted. All network PCs and servers have been checked for malware and viruses (all have up-to-date AV). Exchange server is not an open relay.
We do not have an rDNS or an SPF record and that is on my list to sort out but everything's worked fine for the past 3yrs, so not sure why it shouldn't now.
Either way, I'm trying to restrict outbound SMTP traffic to allow Exchange server traffic only (no PCs trying to spam). I have created the following ACL outbound on the WAN interface; it just seems strange that I'm getting matches on line 20 but not line 10:
Extended IP access list NO_SPAM
10 permit tcp host 172.16.17.33 any eq smtp
20 permit tcp host 220.127.116.11 any eq smtp (343 matches)
30 deny tcp any any eq smtp log-input
40 permit ip any any (66146 matches)
172.16.17.33 = exchange server IP
x.x.x.x = external WAN IP
Why would the traffic be originating from the WAN interface? Surely it should be coming from the Exchange server IP.
Interestingly, before I entered line 20, mail wasn't working and I was getting the following logging messages:
*Oct 29 18:14:32.819: %SEC-6-IPACCESSLOGP: list 150 denied tcp x.x.x.x(14936) (Vlan1 0015.5d11.0b2f) -> 18.104.22.168(25), 1
*Oct 29 18:14:40.943: %SEC-6-IPACCESSLOGP: list 150 denied tcp x.x.x.x(14939) (Vlan1 0015.5d11.0b2f) -> 22.214.171.124(25), 1
*Oct 29 18:14:42.583: %SEC-6-IPACCESSLOGP: list 150 denied tcp x.x.x.x(14693) (Vlan1 0015.5d11.0b2f) -> 126.96.36.199(25), 1
Any ideas?
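Added example, not part of the original post: the `log-input` keyword on the deny entry makes each %SEC-6-IPACCESSLOGP message carry the ingress interface and source MAC, so the denied port-25 attempts can be grouped per sending device even when the logged source IP is the same for all of them. The function name, the MAC allowlist parameter and the sample lines (documentation addresses, made-up MACs) are constructed for illustration.

```python
import re
from collections import defaultdict

# IOS %SEC-6-IPACCESSLOGP line from an ACE with "log-input", in the layout
# shown in the post: src(port) (ingress-if src-MAC) -> dst(port), count
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>\S+)\((?P<sport>\d+)\) "
    r"\((?P<iface>\S+) (?P<mac>[0-9a-fA-F.]+)\) -> "
    r"(?P<dst>\S+)\((?P<dport>\d+)\), (?P<count>\d+)"
)

def summarize_denied_smtp(lines, mail_server_macs=frozenset()):
    """Group denied TCP/25 hits by (ingress interface, source MAC).

    The MAC is the key because the logged source IP may be masked or shared.
    Entries whose MAC is not in mail_server_macs are flagged as unexpected.
    """
    allowed = {m.lower() for m in mail_server_macs}
    stats = defaultdict(lambda: {"packets": 0, "dests": set()})
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not an IPACCESSLOGP line with log-input fields
        if (m["action"], m["proto"], m["dport"]) != ("denied", "tcp", "25"):
            continue  # only denied SMTP attempts are of interest here
        entry = stats[(m["iface"], m["mac"].lower())]
        entry["packets"] += int(m["count"])
        entry["dests"].add(m["dst"])
    report = [
        {"iface": iface, "mac": mac, "packets": s["packets"],
         "distinct_dests": len(s["dests"]), "unexpected": mac not in allowed}
        for (iface, mac), s in stats.items()
    ]
    return sorted(report, key=lambda r: r["packets"], reverse=True)

# Constructed sample lines (documentation addresses, made-up MACs).
SAMPLE_LOG = [
    "*Oct 29 18:14:32.819: %SEC-6-IPACCESSLOGP: list 150 denied tcp 192.0.2.10(14936) (Vlan1 0200.0000.00aa) -> 198.51.100.25(25), 1",
    "*Oct 29 18:14:40.943: %SEC-6-IPACCESSLOGP: list 150 denied tcp 192.0.2.10(14939) (Vlan1 0200.0000.00aa) -> 203.0.113.7(25), 1",
    "*Oct 29 18:14:42.583: %SEC-6-IPACCESSLOGP: list 150 denied tcp 192.0.2.44(50211) (Vlan1 0200.0000.00BB) -> 198.51.100.25(25), 3",
    "*Oct 29 18:14:43.001: %SEC-6-IPACCESSLOGP: list 150 denied tcp 192.0.2.44(50212) (Vlan1 0200.0000.00bb) -> 198.51.100.80(80), 1",
    "*Oct 29 18:14:44.120: %SEC-6-IPACCESSLOGP: list 150 permitted tcp 192.0.2.10(14950) (Vlan1 0200.0000.00aa) -> 198.51.100.25(25), 1",
    "*Oct 29 18:14:45.000: %SYS-5-CONFIG_I: Configured from console by admin",
]

if __name__ == "__main__":
    for row in summarize_denied_smtp(SAMPLE_LOG, {"0200.0000.00AA"}):
        print(row)
```

A MAC flagged `unexpected` is the device to look up in the switch MAC table or DHCP leases; it identifies the layer-2 neighbour that handed the packet to the router, which is the sending host only when that host sits on the same VLAN.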