Here is what we have in our ASA. Vh-fs4 is our spam gateway. access-list Inside_access_in remark Allow SPAM gateway to send email out. access-list Inside_access_in extended permit tcp host VH-FS4 any eq smtp access-list Inside_access_in remark Block all but SPAM gateway from sending email out. access-list Inside_access_in extended deny tcp any any eq smtp log access-list Inside_access_in extended permit ip any any
This applies the above access list to the inside interface. access-group Inside_access_in in interface Inside -----Original Message----- From: Chyka, Robert [mailto:[email protected]] Sent: Wednesday, July 29, 2009 6:37 PM To: MS-Exchange Admin Issues Subject: RE: Quick Event Question We have a cisco asa... Do you know the command? I just don't want to screw up the firewall. Thanks for your help... -----Original Message----- From: "Kurt Buff" <[email protected]> To: "MS-Exchange Admin Issues" <[email protected]> Sent: 7/29/09 5:54 PM Subject: Re: Quick Event Question Consider? Uh, make that *demand* - egress filtering is one of your strongest security allies. Default deny, baby. Kurt On Wed, Jul 29, 2009 at 14:02, Stephan Barr<[email protected]> wrote: > Consider having your firewall allow SMTP outbound from your Exchange server > only. > > On Wed, Jul 29, 2009 at 10:56 AM, Chyka, Robert <[email protected]> wrote: >> >> We are running Exchange 2003 on Windows Server 2003. We are fully patched >> etc. We are starting to get a slow growing amount of outbound SPAM trying >> to be sent out of our Exchange server and we are looking to stop it before >> it gets ugly. >> >> >> >> We are a verified closed relay host, but I am noticing a weird event for a >> specific user in the event log. >> >> >> >> It is EventId 1708 and the Source is MSExchange Transport >> >> >> >> The text is: >> >> >> >> SMTP Authentication was performed successfully with client "[127.0.0.1]". >> The authentication method was "NTLM" and the username was "xxxxxx���� >> >> >> >> >> >> >> >> I did����t know if the 127.0.0.1 was an issue? Never saw it before. >> >> >> >> Thanks!!! >
