Create inside access list block all 25 except from exchange server

[jimw32]

I need to create an access list that will only allow port 25 traffic outside the pix from my exchange server only. Can some one make a suggestion? I have all incoming going directly to the exchange I just want to make sure we are not sending out spam from a ghost machine.

Thks

Jim

 

[nnnnnnnnnn]

You will need to replace <ip address> with the ip of your server

name myserver <ip address>

access-list inside-in remark ! allow your server to smtp out
access-list inside-in permit tcp host myserver any eq smtp
access-list inside-in remark ! deny all other smtp traffic
access-list inside-in deny tcp deny any eq smtp
access-list inside-in remark ! allow the rest of your internet traffic
access-list inside-in permit ip any any

access-group inside-in in interface inside


cheers