How-To : Block Port 25 on Cisco ASA 5500 Series Firewall

March 19th, 2010 admin

Here’s a quick tip – how to block SMTP from leaving a network (apart from specific mail servers) using a Cisco ASA 5500 Series firewall.

STEP 1: Allow specified mail servers to send SMTP

access-list INSIDE_ACL extended permit tcp host <mail server IP> any eq smtp

STEP 2: Deny SMTP from all other devices

access-list INSIDE_ACL extended deny tcp any any eq smtp

STEP 3: Allow all other traffic

access-list INSIDE_ACL extended permit ip any any

STEP 4: Apply ACL to inside interface

access-group INSIDE_ACL in interface <name of inside interface>
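
The four steps above as one configuration, followed by commands to verify it. This is an added example, not part of the original post, and it goes slightly further by grouping several mail servers in an object-group and logging the denied SMTP attempts. The ASA evaluates the entries top-down and stops at the first match, so the permit for the mail servers must come before the deny. The group name MAIL_SERVERS, the interface name inside and all addresses are constructed placeholders.

```cisco
! Assumed values: MAIL_SERVERS, 10.0.0.25, 10.0.0.26 and the interface
! name "inside" are placeholders, replace them with your own.
object-group network MAIL_SERVERS
 network-object host 10.0.0.25
 network-object host 10.0.0.26
!
! Order matters: first matching entry wins.
! 1. Approved mail servers may send SMTP anywhere.
access-list INSIDE_ACL extended permit tcp object-group MAIL_SERVERS any eq smtp
! 2. Any other inside host is denied outbound SMTP; "log" records each
!    attempt, which helps spot hosts trying to send mail directly.
access-list INSIDE_ACL extended deny tcp any any eq smtp log
! 3. Everything else is still allowed out.
access-list INSIDE_ACL extended permit ip any any
!
! Bind the ACL to traffic entering the inside interface.
access-group INSIDE_ACL in interface inside
!
! --- Verification (run from privileged EXEC mode) ---
! Show the entries in evaluation order with their hit counters.
show access-list INSIDE_ACL
! Simulate SMTP from an approved mail server to an external host.
packet-tracer input inside tcp 10.0.0.25 1025 203.0.113.10 25
! Simulate SMTP from an ordinary workstation to the same host.
packet-tracer input inside tcp 10.0.0.50 1025 203.0.113.10 25
```

Compare the ACCESS-LIST phase of the two packet-tracer runs to confirm that the first flow matches the permit entry and the second matches the deny entry.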

