• Home
  • Cisco
  • Exchange
  • Linux
  • Navision
  • Network
  • Virtualization
  • Windows
  • About

    Block outgoing emails except from the mail server

    By default all clients on the LAN can act as a mail server. Maybe you have a “real” mail server. Now a hacker steals one of your client pc’s and uses it to send out SPAM.

    How do you configure the firewall so only the “real” mail server can send out emails?

    You do it with an access-list on the inside interface. This way you can control the outgoing smtp traffic and only allow one LAN IP to send out emails.

    access-list acl_out permit tcp host any eq 25
    access-list acl_out deny tcp any any eq 25
    access-list acl_out permit ip any any
    access-list acl_out permit icmp any any
    access-group acl_out in interface inside

    Exit mobile version