[afnog] how to block spam activity on my router cisco 2600

David Chima david at sdnp.org.mw
Tue Oct 18 17:25:56 EAT 2005


Paul,
If you put it on eth1 as well then the one on eth0 may not really be important because 
I think all SMTP traffic will be dropped on eth1, unless you have other ethernet 
Interfaces apart from these two. But if it works then that's fine.

Cheers

David

On Tue, 18 Oct 2005 07:26:55 -0700 (PDT), Paul wrote
> david,
> am not using a serial interface connection on my router. am using the shiron 
> box so I connect the ethernet interface of tghe shiron box to eth0 of my 
> router wit global IP and the eth1 is where i configured the LAN IP's natted. 
> But I have put the access-group 120 out on the eth0 and access-group in on the 
> eth1 of my router, hope dat still work? cheers Aj
> 
> David Chima <david at sdnp.org.mw> wrote:
> Paul
> What I gather from you is that you use webmail from elsewhere other than from 
> a server in your network. If you really dont have a mail server, then it is 
> simple. just block all smtp through your router. You can do this on your 
> ethernet Interface
> 
> ip access-group 120 in
> 
> access-list 120 deny tcp any any eq smtp
> access-list 120 permit ip any any
> 
> Or on your serial Interface You can put this line
> 
> ip access-group 120 out
> 
> The access-list 120 will apply to either of the interface you can choose
> 
> Regards
> 
> David
> 
> On Tue, 18 Oct 2005 04:56:22 -0700 (PDT), Paul wrote
> > david,
> > thanks for your resonse. let me say these, I don't have a mailserver on my 
> > network but the whole office and the school library are natted together 
> > through one global IP dat was on my router interface. and I also use all these 
> > free webmail so I don't know where the spam activity is coming in from. but 
> > will appreciate if you can help me out on the type of access-list command I 
> > can use to stop this activity for now. thanks. Aj
> > 
> > David Chima wrote:
> > Paul,
> > I think what works better is if you have a mailserver through which all mail 
> > goes through. You can setup spam filters, virus scanners on this server. Your 
> > router should only have an access-list that should only allow mail from that 
> > mail-server and deny anything called smtp from any to any.
> > 
> > I hope you can begin this way.
> > 
> > Regards
> > 
> > David
> > 
> > On Mon, 17 Oct 2005 02:37:02 -0700 (PDT), Paul wrote
> > > Good day all,
> > > 
> > > Please I need help on how to block spam activity from my cisco 2600 router. my 
> > > uplink provider has been telling me of spam report coming from one of the 
> > > ethernet interface on my router.
> > > 
> > > thanks
> > > 
> > > Aj
> > > 
> > > 
> > > ---------------------------------
> > > Yahoo! Music Unlimited - Access over 1 million songs. Try it free.
> > 
> > ----------------------------------------------------------
> > Malawi SDNP Webmail: http://www.sdnp.org.mw
> > Access your Malawi SDNP e-mail from anywhere in the world.
> > ----------------------------------------------------------
> > 
> > _______________________________________________
> > afnog mailing list
> > 
> > 
> > ---------------------------------
> > Yahoo! Music Unlimited - Access over 1 million songs. Try it free.
> 
> ----------------------------------------------------------
> Malawi SDNP Webmail: http://www.sdnp.org.mw
> Access your Malawi SDNP e-mail from anywhere in the world.
> ----------------------------------------------------------
> 
> _______________________________________________
> afnog mailing list
> 
> 		
> ---------------------------------
>  Yahoo! Music Unlimited - Access over 1 million songs. Try it free.


----------------------------------------------------------
Malawi SDNP Webmail: http://www.sdnp.org.mw
Access your Malawi SDNP e-mail from anywhere in the world.
----------------------------------------------------------




More information about the afnog mailing list