Ah yes, you would need to write an access list that blocks outbound tcp 25 from the IP space of your dialups.

It would look something like this:

access-list 102 deny tcp 10.0.0.0 0.0.0.255 any eq 25
access-list 102 permit ip any any

This ACL, when placed on the outbound interface on your router with the command “ip access-group 102 out”, will prevent the class C 10.0.0.0 from sending outbound tcp 25 traffic.

The second line tells the router to permit ANYthing else to ANYthing else that did not match the previous rules.

Replace 10.0.0.0 0.0.0.255 with your class C, and you would add another line for each class C you want to block, OR you can specify larger CIDR blocks of addresses if you know how to convert to the Cisco decimal masking.

John

 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike McTee
Sent: Tuesday, November 25, 2003 11:31 AM
To: [EMAIL PROTECTED]
Subject: [Modus] OT Blocking mail servers at the router

 

This is an Off Topic post.

 

I seem to recall some discussion here regarding blocking customers from being able to operate mail servers on the network by setting an access list (or something) at the router level.  I’ve searched through the past e-mails and can’t seem to find this information.  If anyone is doing this or knows what the specifics are, please e-mail me off-list.

 

I’ve received a few complaints of spam being sent from within our network and upon verifying the IP Address, it shows to be an IP Address used by dialup customers.  I’m thinking these are likely customers who have SMTP services running and are unaware of it (W2k/XP).

 

Thanks in advance.

 

Sincerely,

Mike McTee

Internet Systems Technician

Eastex Net (www.eastex.net)
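
The ACL from the reply above, generalized to arbitrary CIDR blocks, as an added example that is not part of the original thread. It converts each block to the Cisco wildcard mask and checks the resulting rules with first-match evaluation; the pool list and the function names `build_acl` and `acl_permits` are assumptions made for illustration.

```python
import ipaddress

# Constructed sample pools (not from the thread): two adjacent /24s and one /22.
DIALUP_POOLS = ["10.0.0.0/24", "10.0.1.0/24", "10.0.8.0/22"]

def build_acl(cidrs, acl_number=102, port=25):
    """Emit IOS extended-ACL lines denying outbound TCP/<port> from each block."""
    # Merge adjacent blocks first so the ACL stays as short as possible.
    nets = ipaddress.collapse_addresses(ipaddress.ip_network(c) for c in cidrs)
    lines = [
        # hostmask is the inverted netmask, i.e. the Cisco wildcard mask.
        f"access-list {acl_number} deny tcp {n.network_address} {n.hostmask} any eq {port}"
        for n in nets
    ]
    lines.append(f"access-list {acl_number} permit ip any any")
    return lines

def acl_permits(lines, src_ip, proto, dst_port):
    """First-match evaluation for the two rule shapes build_acl() emits."""
    src = int(ipaddress.ip_address(src_ip))
    for line in lines:
        f = line.split()
        action, rule_proto = f[2], f[3]
        if rule_proto not in ("ip", proto):
            continue
        if f[4] == "any":                      # "permit ip any any"
            return action == "permit"
        base = int(ipaddress.ip_address(f[4]))
        wild = int(ipaddress.ip_address(f[5]))
        # Wildcard bits set to 1 are ignored when comparing addresses.
        if (src | wild) == (base | wild) and f[7:9] == ["eq", str(dst_port)]:
            return action == "permit"
    return False  # every IOS ACL ends with an implicit deny

if __name__ == "__main__":
    acl = build_acl(DIALUP_POOLS)
    print("\n".join(acl))
    for ip, port in [("10.0.1.77", 25), ("10.0.1.77", 110), ("10.0.2.5", 25)]:
        print(ip, port, "permit" if acl_permits(acl, ip, "tcp", port) else "deny")
```

Running the evaluator against the generated list before applying it to the router confirms that only port 25 from the dialup pools is dropped and that everything else still reaches the final permit line.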