Looks right to me, both in sequence and content [1].

- You're allowing SMTP from specific host(s). Correct. Not so much a 'best practice' <ptooey> as a must-do.
- Next, you're denying SMTP from anything else. Also correct.
- Implied, but must exist, is the Deny Any Any at the end. You'd be surprised how many people forget that.

An aside: this is a great forum with an abundance of expertise in many areas. That said, a Google search on Cisco Forums / Cisco Community / Cisco support forum will give you a much more focused target audience. Not that you won't get great answers here, as you will.

Pat

[1]. CCNP. Also, full disclosure and disclaimer: I am an employee of Cisco Systems. Opinions expressed, however, are mine alone and not those of Cisco.

On Tue, Jan 8, 2013 at 10:54 AM, Tom Miller <[email protected]> wrote:

> Hi Folks,
>
> At a new job here. I have a few Cisco ASA. One of them, an ASA 5510, seems to be not very strict on outbound rules. I'm new to ASA (came from the Fortinet world), so any advice on setting up outbound rules? In particular we've been on spamhaus and I think there is an internal machine sending out smtp messages. Short term solution would be to restrict out smtp to our mail servers only.
>
> On the ASA | Configuration | Access Rules, I created an inside → outside rule. Traffic from mail server out, smtp, permit. Other rule has traffic as deny. This does not seem correct, even me being new to ASA.
>
> Suggestions appreciated,
>
> Tom
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
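A small model of the rule ordering discussed in this thread, added here as an example (it is not from either poster and is not ASA configuration). It assumes first-match evaluation with an implicit deny at the end; the addresses, rule lists and the `evaluate` helper are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    src: str              # source network in CIDR form; 0.0.0.0/0 means any
    dport: Optional[int]  # destination TCP port; None means any port


def evaluate(rules, src_ip, dport):
    """Return (action, index of matching rule); index is None for the implicit deny."""
    addr = ipaddress.ip_address(src_ip)
    for i, rule in enumerate(rules):
        if addr in ipaddress.ip_network(rule.src) and rule.dport in (None, dport):
            return rule.action, i  # first match wins, later rules are never consulted
    return "deny", None            # nothing matched: implicit deny any any


ANY = "0.0.0.0/0"
SMTP = 25
MAIL_SERVER = "192.0.2.25/32"  # constructed address (documentation range)

# The two rules from the thread, in the order described.
smtp_only = [
    Rule("permit", MAIL_SERVER, SMTP),
    Rule("deny", ANY, SMTP),
]

# Same rules in the wrong sequence: the broad deny shadows the mail server permit.
reversed_order = list(reversed(smtp_only))

# Assumed extra rule so that non-SMTP outbound traffic is not caught by the implicit deny.
with_permit_rest = smtp_only + [Rule("permit", ANY, None)]

if __name__ == "__main__":
    cases = [("192.0.2.25", 25), ("192.0.2.77", 25), ("192.0.2.77", 443)]
    for name, rules in [("smtp_only", smtp_only),
                        ("reversed_order", reversed_order),
                        ("with_permit_rest", with_permit_rest)]:
        for src, port in cases:
            print(name, src, port, evaluate(rules, src, port))
```

With only the two SMTP rules in the list, the workstation's HTTPS connection also falls through to the implicit deny, so check what else the interface needs to permit before applying the list.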
