I would use an IDS like SNORT (www.snort.org) to watch the traffic on
the mail server; you can monitor all SMTP or POP3 pretty easily. Takes
some setting up to do, but you can use it to block. One of the
problems with CBAC is that its inspection of protocols is pretty
rudimentary; you should be allowed to set options on the more common
applications like SMTP, but I guess they gotta sell the PIX :).

If you need content scrubbing, though, you may need something more
versatile than the IOS Firewall Feature Set. Turnkey proxy servers or
open-source solutions are available.

Henry

-----Original Message-----
From: Prathabacimman.M [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 07, 2002 11:57 PM
To: '[EMAIL PROTECTED]'
Subject: Cisco IOS firewall


Thanks to Henry Sieff

Adding more to the above problem yesterday we solved the problem but
temporarily. As we remove "ip inspect name 'name' smtp" things have
started moving smoothly. But our situation forces us to implement smtp
monitoring. How to go about it..

Prathabacimman.M (call me prathab)

Hi, 

I have got a very peculiar problem with Cisco IOS Firewall 21.4 on a
Cisco 2621 Router. Our mail server resides on the DMZ and we have got
CBAC and Access lists enabled on the Router. There's no problem with
the traffic except SMTP. When the authentication is enabled for SMTP
relay on our Exchange Server, the internet clients are unable to send
mails thru the server. The mails get bounced. When the authentication
is removed the server is vulnerable to open relay. There's certainly a
problem with the router/image/CBAC/ACL but we cannot identify where it
lies. Can anyone help me in troubleshooting?



Prathabacimman.M 

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls