Configure ASA to prevent mail relay

We as Network Engineers are often called upon to “fix” problems that others create. For example, how many Server Admins do you know that go and install the latest version of Exchange, fail to properly secure it, and two days later the domain is blacklisted everywhere for being an open relay? Yeah, I thought so. Since we tend to be the smartest people in IT, we’re often called in to save the day. Since the previous anecdote is a common one, here is one way to be the hero once again.

Here we create a regular expression that matches our domain name. The dot is escaped so that it matches a literal dot rather than any character.
Firewall(config)# regex PermittedSenders "@packetpros\.com"

Next we create an ESMTP inspection policy map that uses it.
Firewall(config)# policy-map type inspect esmtp SMTP-Policy

This one is optional. It resets and logs any connection in which a message names more than 100 recipients (RCPT commands).
Firewall(config-pmap)# match cmd RCPT count gt 100
Firewall(config-pmap-c)# reset log
Firewall(config-pmap-c)# exit

This one resets and logs any connection whose sender address does not match our domain.
Firewall(config-pmap)# match not sender-address regex PermittedSenders
Firewall(config-pmap-c)# reset log
Firewall(config-pmap-c)# exit

Under parameters, mail-relay names our domain, and connections that try to relay mail through it are dropped and logged.
Firewall(config-pmap)# parameters
Firewall(config-pmap-p)# mail-relay packetpros.com action drop-connection log
Firewall(config-pmap-p)# exit
Firewall(config-pmap)# exit

Finally, we call the ESMTP inspection from a Modular Policy Framework policy map and apply it to the outside interface.
Firewall(config)# policy-map MPF-Policy
Firewall(config-pmap)# class class-default
Firewall(config-pmap-c)# inspect esmtp SMTP-Policy
Firewall(config-pmap-c)# exit
Firewall(config-pmap)# exit
Firewall(config)# service-policy MPF-Policy interface outside
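To see what each rule does before deploying it, here is a small Python model of the policy map above (an added example, not ASA code and not the author's); it assumes the inspection matches sender-address on the address inside the angle brackets of MAIL FROM, and runs three constructed SMTP sessions through the rules.

```python
import re

# Added example, not ASA code: a model of the inspection policy above, used to
# check what each rule does to a constructed SMTP session before deployment.
# ASA regexes are unanchored substring matches and "." matches any character,
# so the domain regex is written with an escaped dot, as in the config.
PERMITTED_SENDERS = re.compile(r"@packetpros\.com")
MAX_RCPT = 100          # "match cmd RCPT count gt 100"


def _address(arg):
    """Pull the address out of 'FROM:<user@host>' (assumed to be what ASA matches on)."""
    m = re.search(r"<([^>]*)>", arg)
    return m.group(1) if m else arg.split(":", 1)[-1].strip()


def evaluate_session(commands):
    """Apply the policy-map rules, in order, to a list of SMTP command lines.

    Returns ("allow", None) if the session survives, otherwise ("reset", reason)
    naming the rule that fired, mirroring the "reset log" actions in the policy map.
    """
    rcpt_count = 0
    for line in commands:
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "MAIL":
            sender = _address(arg)
            # match not sender-address regex PermittedSenders -> reset log
            if not PERMITTED_SENDERS.search(sender):
                return ("reset", "sender-address %r not in PermittedSenders" % sender)
        elif verb == "RCPT":
            rcpt_count += 1
            # match cmd RCPT count gt 100 -> reset log
            if rcpt_count > MAX_RCPT:
                return ("reset", "RCPT count %d exceeds %d" % (rcpt_count, MAX_RCPT))
    return ("allow", None)


# Constructed sessions: a normal outbound message, a bulk run with 101 recipients,
# and a message from an external sender arriving at the server.
OUTBOUND = ["MAIL FROM:<alice@packetpros.com>", "RCPT TO:<bob@example.net>", "DATA"]
BULK_RUN = ["MAIL FROM:<alice@packetpros.com>"] + [
    "RCPT TO:<user%d@example.net>" % i for i in range(101)]
INBOUND = ["MAIL FROM:<partner@example.net>", "RCPT TO:<alice@packetpros.com>"]

if __name__ == "__main__":
    for name, session in (("outbound", OUTBOUND), ("bulk run", BULK_RUN), ("inbound", INBOUND)):
        print(name, evaluate_session(session))
```

Note that the inbound session is reset as well: the inspection sees every MAIL FROM crossing the outside interface, so the sender-address rule as written also affects mail arriving from other domains, and you should confirm that is what you intend before applying the policy.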

Note that credit should go to David Hucaby for this one.
