*and* I'd recommend checking SMTP relay on internal mail server. Is it allowing internal systems to relay smtp traffic instead of smtp direct? Just another loophole that might need to be tightened.
In most cases, *if* internal smtp relay is required, usually limited to a specific group of 'authorized' systems and not open to entire internal subnets.

On Tue, Jan 8, 2013 at 11:14 AM, Ziots, Edward <ezi...@lifespan.org> wrote:
> Remember even with the Egress filtering you are looking to do outbound, it
> could be an internal compromised host or account that is using your
> legitimate email servers to send the email out, but I would drop and log all
> other traffic from trust to untrust on port 25 and eliminate the hosts.
>
> Z
>
> Edward E. Ziots, CISSP, Security +, Network +
> Security Engineer
> Lifespan Organization
> ezi...@lifespan.org
>
> From: Tom Miller [mailto:tmil...@sfgtrust.com]
> Sent: Tuesday, January 08, 2013 10:54 AM
> To: NT System Admin Issues
> Subject: Cisco ASA question
>
> Hi Folks,
>
> At a new job here. I have a few Cisco ASA. One of them, an ASA 5510, seems
> to be not very strict on outbound rules. I’m new to ASA (came from the
> Fortinet world), so any advice on setting up outbound rules? In particular
> we’ve been on spamhaus and I think there is an internal machine sending out
> smtp messages. Short term solution would be to restrict out smtp to our
> mail servers only.
>
> On the ASA | Configuration | Access Rules, I created an inside -> outside
> rule. Traffic from mail server out, smtp, permit. Other rule has traffic
> as deny. This does not seem correct, even me being new to ASA.
>
> Suggestions appreciated,
>
> Tom
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
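
The "drop and log all other traffic ... on port 25 and eliminate the hosts" step from the quoted reply, as an added example that is not part of the thread: it tallies internal sources hitting the port 25 deny rule from ASA syslog message 106023. It assumes logging is enabled for that deny and that the source interface is named `inside`; the ACL name, hostnames and addresses in the sample are constructed.

```python
import re
from collections import Counter

# ASA syslog 106023 is written when an access-list entry denies a packet.
DENY_RE = re.compile(
    r'%ASA-\d-106023: Deny tcp '
    r'src (?P<src_if>[^\s:]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) '
    r'dst (?P<dst_if>[^\s:]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)

# Constructed sample lines (RFC 1918 / RFC 5737 addresses), not from the thread.
SAMPLE_LOG = """\
Jan 08 2013 11:02:11 asa5510 : %ASA-4-106023: Deny tcp src inside:10.10.20.57/49211 dst outside:203.0.113.25/25 by access-group "inside_access_in" [0x0, 0x0]
Jan 08 2013 11:02:12 asa5510 : %ASA-4-106023: Deny tcp src inside:10.10.20.57/49212 dst outside:198.51.100.9/25 by access-group "inside_access_in" [0x0, 0x0]
Jan 08 2013 11:02:13 asa5510 : %ASA-6-302013: Built outbound TCP connection 4411 for outside:203.0.113.80/443 (203.0.113.80/443) to inside:10.10.20.12/50101 (192.0.2.1/50101)
Jan 08 2013 11:02:15 asa5510 : %ASA-4-106023: Deny tcp src inside:10.10.30.14/51877 dst outside:203.0.113.25/25 by access-group "inside_access_in" [0x0, 0x0]
Jan 08 2013 11:02:16 asa5510 : %ASA-4-106023: Deny tcp src inside:10.10.20.57/49213 dst outside:192.0.2.77/25 by access-group "inside_access_in" [0x0, 0x0]
Jan 08 2013 11:02:17 asa5510 : %ASA-4-106023: Deny tcp src inside:10.10.20.33/50300 dst outside:203.0.113.80/6667 by access-group "inside_access_in" [0x0, 0x0]
Jan 08 2013 11:02:18 asa5510 : %ASA-4-106023: Deny tcp src outside:198.51.100.200/40000 dst inside:10.10.20.5/25 by access-group "outside_access_in" [0x0, 0x0]
"""


def blocked_smtp_sources(log_text, inside_if="inside"):
    """Return [(source_ip, denied_attempts)] for outbound TCP/25, busiest first."""
    hits = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if m is None:
            continue  # not an ACL deny for TCP
        # Only traffic that entered on the inside interface and targets SMTP.
        if m["src_if"] != inside_if or m["dst_port"] != "25":
            continue
        hits[m["src_ip"]] += 1
    return hits.most_common()


if __name__ == "__main__":
    for ip, count in blocked_smtp_sources(SAMPLE_LOG):
        print(f"{ip}\t{count} denied SMTP attempts")
```

Hosts on this list are sending SMTP directly rather than through the mail servers; a compromised host or account relaying through the legitimate mail servers never reaches the deny rule and has to be found in the mail server's own logs.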