Remember, even with the egress filtering you are looking to do outbound, it could be an internal compromised host or account that is using your legitimate email servers to send the email out, but I would drop and log all other traffic from trust to untrust on port 25 and eliminate the hosts.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
[email protected]

From: Tom Miller [mailto:[email protected]]
Sent: Tuesday, January 08, 2013 10:54 AM
To: NT System Admin Issues
Subject: Cisco ASA question

Hi Folks,

At a new job here. I have a few Cisco ASA. One of them, an ASA 5510, seems to be not very strict on outbound rules. I'm new to ASA (came from the Fortinet world), so any advice on setting up outbound rules? In particular we've been on spamhaus and I think there is an internal machine sending out smtp messages. Short term solution would be to restrict out smtp to our mail servers only.

On the ASA | Configuration | Access Rules, I created an inside → outside rule. Traffic from mail server out, smtp, permit. Other rule has traffic as deny. This does not seem correct, even me being new to ASA.

Suggestions appreciated,
Tom

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
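
The rule order discussed in this thread, written as ASA CLI. This is an added example and not part of either message; the ACL name INSIDE_OUT is hypothetical and 10.0.0.25 is a constructed address standing in for the mail server.

```cisco
! Constructed values: 10.0.0.25 = mail server, INSIDE_OUT = hypothetical ACL name.

! 1. Only the mail server may open outbound SMTP sessions.
access-list INSIDE_OUT extended permit tcp host 10.0.0.25 any eq smtp

! 2. Drop and log port 25 from every other inside host.
access-list INSIDE_OUT extended deny tcp any any eq smtp log

! 3. An ACL bound to an interface ends in an implicit deny, so other
!    outbound traffic must be permitted explicitly to keep working.
!    Tighten this line later once the required services are known.
access-list INSIDE_OUT extended permit ip any any

! Apply the ACL to traffic entering the inside interface.
access-group INSIDE_OUT in interface inside

! From exec mode: per-line hit counts show whether the deny is matching.
show access-list INSIDE_OUT
```

Source addresses in the log entries produced by the deny line identify the hosts attempting direct SMTP. As the reply notes, mail relayed through the legitimate mail server by a compromised host or account passes rule 1 and has to be found in the mail server's own logs.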
