By: blankreg

blankreg — Mon, 11 May 2009 18:12:09 +0000

Thanks Guys – I appreciate the feedback

By: vnoome

vnoome — Mon, 11 May 2009 17:02:01 +0000

Good posting BLankReq!!!

By: edctech

edctech — Sat, 09 May 2009 01:36:11 +0000

Thanks for the information and it worked perfectly. I knew it had to be a rule, but I was looking at the static routes and not the access list. Thanks again, and by the way it did stop the spam instantly.

By: blankreg

blankreg — Fri, 08 May 2009 21:27:57 +0000

KevinBeaver is basically right. You need to create an access list that allows mail from the spam blocker, but not from anywhere else. It will also need to allow any other traffic to any hosted systems, such as a web server. It will also block anything else that is not implicitly allowed, as there is an implied deny everything at the end of any access list.

It should look sometihng like this

access-list Internet-In permit tcp host {IP of spam blocker} host {public IP of your Mailhost} eq 25
access-list Internet-In deny ip any host {public IP of your Mailhost}
access-list Internet-In permit [other services you want to allow in]

Then apply this to the inbound traffic on the ‘outside’ interface with the command

access-group Internet-In in interface outside

Then the only mail traffic that will hit your mail server will be from the spam blocker.

PM me if you need something more detailed for your particular network.

Comments on: Cisco ASA 5505 Limit IP that can send mail to the Internal network

By: blankreg

By: vnoome

By: edctech

By: blankreg