I think you could just add a section to the URL that you referenced.  An extended access-list can have a source port immediately following the source IP/mask entries.  It is just not commonly used.

access-list ### [permit/deny] [protocol] [source-address] [source-port] [destination-address] [destination-port] [options]

or something like

access-list 101 permit tcp any eq smtp host [your.smtp.svr.ip] gt 1023

I think this would allow tcp packets from any source IP originating from port 25 that are destined for your SMTP server on a port above 1023.  I think this is correct, but I just tossed it up off the top of my head, so someone correct me if I've oversimplified something.  You might also be able to use reflexive access lists, since your SMTP svr would be the one opening the ports originally on outgoing mail, correct?  Or as someone else mentioned, maybe an 'established' command in a dynamic access list.  And some of these commands are dependent on the version of IOS on your router.  I think reflexive access lists came around IOS v11.3 or 11.7.  I'm rambling now, sorry.
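As an added illustration (my own code, not from the thread and not Cisco's), here is a small Python model of how the extended access-list form quoted above evaluates a TCP segment, including the 'established' keyword mentioned further down; the server address 192.0.2.10 and the sample packets are constructed placeholders.

```python
# Added example: a minimal model of Cisco extended ACL evaluation for TCP,
# covering the source-port position and the 'established' keyword. Only the
# syntax used in this thread is parsed (any / host A.B.C.D, eq|gt|lt PORT).
PORT_NAMES = {"smtp": 25}   # symbolic port names understood by the parser

def _port_test(tokens):
    """Consume an optional 'eq|gt|lt PORT' operator; return (predicate, rest)."""
    if tokens and tokens[0] in ("eq", "gt", "lt"):
        op, n = tokens[0], int(PORT_NAMES.get(tokens[1], tokens[1]))
        pred = {"eq": lambda p: p == n, "gt": lambda p: p > n, "lt": lambda p: p < n}[op]
        return pred, tokens[2:]
    return (lambda p: True), tokens          # no operator: any port matches

def _addr_test(tokens):
    """Consume 'any' or 'host A.B.C.D'; return (predicate, rest)."""
    if tokens[0] == "any":
        return (lambda ip: True), tokens[1:]
    if tokens[0] == "host":
        want = tokens[1]
        return (lambda ip: ip == want), tokens[2:]
    raise ValueError("only 'any' and 'host' address forms are modelled")

def parse_ace(line):
    """Parse 'access-list N permit|deny tcp SRC [op PORT] DST [op PORT] [established]'."""
    t = line.split()
    action, rest = t[2], t[4:]               # t[3] is the protocol (tcp here)
    src, rest = _addr_test(rest)
    sport, rest = _port_test(rest)
    dst, rest = _addr_test(rest)
    dport, rest = _port_test(rest)
    return {"permit": action == "permit", "src": src, "sport": sport,
            "dst": dst, "dport": dport, "established": "established" in rest}

def acl_permits(acl_lines, pkt):
    """First-match evaluation with the implicit 'deny' at the end of every ACL.
    pkt = (src_ip, src_port, dst_ip, dst_port, ack_or_rst_bit_set)."""
    sip, sp, dip, dp, ack = pkt
    for ace in map(parse_ace, acl_lines):
        if (ace["src"](sip) and ace["sport"](sp) and ace["dst"](dip)
                and ace["dport"](dp) and (ack or not ace["established"])):
            return ace["permit"]
    return False                             # implicit deny

SMTP_SERVER = "192.0.2.10"                   # constructed placeholder address
# The rule from the message above (source port 25, reply to a high port)...
ACL_SRCPORT = ["access-list 101 permit tcp any eq smtp host 192.0.2.10 gt 1023"]
# ...and the same rule with 'established', which only matches ACK/RST segments.
ACL_ESTABLISHED = ["access-list 102 permit tcp any eq 25 host 192.0.2.10 gt 1023 established"]
REPLY = ("198.51.100.7", 25, SMTP_SERVER, 2345, True)      # reply on an open session
NEW_CONN = ("198.51.100.7", 25, SMTP_SERVER, 2345, False)  # bare SYN, source port 25
```

Both lists pass the SMTP reply, but only the source-port-only list also passes a fresh SYN that happens to carry source port 25, which is the reason to prefer 'established' or a reflexive list over a bare source-port match.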

Greg Baumgratz wrote:

All messages are tcp.  As for access list entries based on source port, is there any documentation that you know of?  The only information I have is for destination port.  Here's a good piece of information for Cisco access lists for anyone not familiar:

Greg

Ted wrote:

I can't help with the IMS ports, but depending on what Cisco firewall/router
you're running, most of them can permit/deny on source port as well as
destination port.  It is just not used that often.  BTW, are all the
response messages you mentioned below UDP?


Greg Baumgratz wrote:

Here's a question:  When your mail server sends mail by smtp it goes out
on port 25.  Any ideas of the range the responses will come on?  When
your server receives mail, the connection will always be incoming on
port 25, but when you send messages from your server, they will go out
25 and the response messages will come on other ports.  The reason
behind this is if in your router, you block all packets to your
mailserver other than port 25, you can receive mail without a problem,
but you can no longer send mail.  I have recorded packets in the 2000s
and 3000s as response messages, of course coming with a source port of
25.  As far as I know, you can not permit packets in the Cisco based on
source port, only destination.

Is there a rule that defines the ports the responses will return on?

Greg

This is the discussion list for the IMS Free email server software.
  To unsubscribe send mailto:[EMAIL PROTECTED]

            Delivered by Rockliffe MailSite
           http://www.rockliffe.com/mailsite
                Rock Solid Software (tm)

