Re: HELP - Exchange & Cisco 1700 Lockdown from SPAM



On May 30, 1:48 pm, Mickie <mickiemell...@xxxxxxxxx> wrote:
On May 30, 12:58 pm, Trendkill <jpma...@xxxxxxxxx> wrote:



On May 30, 9:50 am, mickiemell...@xxxxxxxxx wrote:

Hello everyone,

I want to thank everyone in advance for any information you provide.
I'm going to be as straightforward as possible and give as much detail
as possible.

We are running Windows 2000 SBS with Exchange and I have recently
moved my SPAM scanning externally outside of our building, through a
third-party SPAM scanning company called SpamSoap.

The issue that I am having follows:
The scanner is working correctly and stopping almost all of the SPAM.
However, someone is directly mailing to our IP address; as our IP is
static we cannot change it. SpamSoap recommends locking down our
Exchange server to only accept mail from a certain IP range they give
us. This is the problem, I don't know how to put these IP addresses
into Exchange, and/or my Cisco 1700 router.

Does anyone know how to complete this? Is this true and possible to
be done?
Thanks again for looking and giving any thoughts you might have!
Mickie

I think you are asking how to ACL off SMTP from everywhere except the
IP-range of your 3rd party provider. You would do this by creating an
access-list on the router that allows SMTP (port 25) from your SPAM
filter and nothing else. I would need more information on how exactly
this spam filter works (is your email domain pointed/owned by their
servers and whatever passes the filter is sent on to your specific
mail server, or is something else going on). But here is an example
of an ACL:

access-list 101 permit tcp any host a.b.c.d eq smtp
access-list 101 deny tcp any any eq smtp

You would then apply that ACL to your external interface on your
router:

int <interface>
ip access-group 101 in

Again, I would strongly discourage doing anything until you have a
complete understanding of the flow of traffic (in this case mail) with
your 3rd party provider. The last thing you want is an email
outage......

Thank you very much for your input... here is the flow of traffic and
additional information you requested:
Our DNS records (through GoDaddy) point/redirect the mail to their
servers where it is checked for SPAM and then their (SpamSoap)
servers send the mail on to our IP address/mail server.
SpamSoap has provided a block of IP addresses to allow within the
router.
I need to set these up because spammers are bypassing the scanner and
mailing directly to our mail server.
I'm pretty sure that what you are saying is what I need, I'm just not
sure how to go about setting it up within the 1700.
Thank you again for your help,
Mickie

Then you will do exactly what I outlined above. If it's a contiguous
address space, you'll have one allow statement with the network
address/range of their servers. If not, then you'll have to add in
several allow statements. Follow it up with one deny any any eq smtp,
and finally a permit ip any any at the end (else the explicit deny on
the end will kill all traffic which you certainly don't want). This
should clear it up. Here is an example:

If their addresses are 1.1.1.0 - 1.1.1.63 and your mail server is
2.2.2.2

! IOS ACLs take a wildcard (inverse) mask: 1.1.1.0 - 1.1.1.63 is 0.0.0.63
access-list 101 permit tcp 1.1.1.0 0.0.0.63 host 2.2.2.2 eq smtp
access-list 101 deny tcp any host 2.2.2.2 eq smtp
access-list 101 permit ip any any

interface <external interface>
ip access-group 101 in

May want to get one other person on here to review that and make sure
I didn't miss something. Statement one allows traffic from their
range to your server. Statement two blocks any host from sending smtp
traffic to your server (may want to do any any instead if you want
SMTP blocked to everything else). Statement three allows everything
else so that the implicit deny doesn't kill everything else.

The last will apply the ACL inbound on your outbound interface,
blocking it as the traffic comes into your network.
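
An added example, not part of the original thread: a Python sketch that turns provider address ranges into IOS extended-ACL entries with wildcard masks, then replays sample packets through the list with first-match semantics to confirm the ordering. The second range (192.0.2.8 - 192.0.2.19) and all function names are constructed for illustration; 1.1.1.0 - 1.1.1.63 and 2.2.2.2 are the thread's own example values.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

def build_rules(provider_ranges, mail_server):
    """Return ordered (action, proto, src_net, dst_net, dport) rules."""
    dst = ipaddress.ip_network(mail_server + "/32")
    rules = []
    for first, last in provider_ranges:
        # A range that is not one power-of-two block becomes several permits.
        for net in ipaddress.summarize_address_range(
                ipaddress.ip_address(first), ipaddress.ip_address(last)):
            rules.append(("permit", "tcp", net, dst, 25))
    rules.append(("deny", "tcp", ANY, dst, 25))     # direct-to-IP SMTP
    rules.append(("permit", "ip", ANY, ANY, None))  # keep all other traffic
    return rules

def _fmt(net):
    if net == ANY:
        return "any"
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"  # wildcard, not netmask

def render(acl_id, rules):
    """Format the rules as IOS 'access-list' configuration lines."""
    lines = []
    for action, proto, src, dst, dport in rules:
        port = " eq smtp" if dport == 25 else ""
        lines.append(
            f"access-list {acl_id} {action} {proto} {_fmt(src)} {_fmt(dst)}{port}")
    return lines

def evaluate(rules, src, dst, proto, dport):
    """First matching rule wins; no match falls to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in ("ip", proto):
            continue
        if s in r_src and d in r_dst and r_port in (None, dport):
            return action
    return "deny"

# Constructed sample: the thread's range plus a second, made-up range.
RULES = build_rules([("1.1.1.0", "1.1.1.63"), ("192.0.2.8", "192.0.2.19")],
                    "2.2.2.2")

if __name__ == "__main__":
    print("\n".join(render(101, RULES)))
```

Replaying a packet from 1.1.1.64 is a quick check that the mask is a wildcard: it must fall through to the deny, which would not happen if a subnet mask had been entered in its place.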