restrict incoming, allow outgoing smtp

[ilpadrino]

Ok, I've succeeded in configuring the access-lists to restrict incoming email only from a range of addresses. (see thread557-936793).

But now I can't send email from a client outside the network. Using smtp server with authentication will not work. Can I setup an outgoing acl on an interface that will allow anyone to send smtp for the same ip? Which interface should I configure that acl - the serial or the ethernet?

maybe I can't have both worlds.

Thanks.

 

[ChrisAC]

So you have restricted inbound SMTP connections to your network from the internet, yes? And now someone 'outside' your network, presumably on the internet cannot send email? Is this 'cannot send anyone email' or 'cannot connect to your server'? Is that user on an external connection trying to relay email through your server? Do they relay through another server?

Please explain a little bit more.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************

 

[ilpadrino]

They cannot send any email. Someone using a client, ie Outlook Express. They configure the smtp server to be mail.domain.net. They configure the pop server to be mail.domain.net. They can pop. They cannot smtp. The incoming access-list on the serial int (ip access-group 104 in) looks like this for the email server:

permit tcp x.y.0.0 0.0.15.255 host a.b.c.d eq smtp

This statement must be preventing external clients. My intention was to only allow incoming email delivered from the x.y.0.0 networks. But I wanted to still allow clients the ability to send and receive.

I don't know if I'm making any sense.

 

[ChrisAC]

If you have blocked them from connecting to your mail server via an access list, then yes, they will not be able to send mail via your mail server! Email clients send email to email servers via SMTP, whcih you have blocked bar one subnet.

Chris.


**********************
Chris A.C, CCNA, CCSA
**********************