We have a PIX 501, 6.3(1), using NAT to allow Internet access for all users. We have an infected computer on our network sending mail, but cannot locate the machine. We would like to create an access list on the PIX denying all outbound attempts on port 25 except for our legitimate e-mail server (192.168.1.9), then check the logs for the rogue machine making attempts to send mail.
The access-list rules are as follows:

    access-list inside_out_smtp deny tcp any any eq smtp
    access-list inside_out_smtp permit tcp 192.168.1.9 any eq smtp
    access-group inside_out_smtp in interface inside
Our problem: once these rules are applied, all outbound Internet traffic stops. I feel that I am close, but must be missing something, or might have something out of order in the configuration. Any help or suggestions are appreciated.

Thank you for your time,
David
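The outbound list in the post fails for two reasons that a corrected version has to address. Every PIX access list ends with an implicit "deny ip any any", so the moment an access-group is bound to the inside interface, anything the list does not explicitly permit is dropped; the post's list only mentions SMTP, which is why all other Internet traffic stops. Entries are also matched top down, first match wins, so a "deny tcp any any eq smtp" placed above the mail server's permit shadows that permit and the mail server is blocked too. The configuration below is an added example, not from the original post, showing the entries in the order they need to appear for PIX 6.3 together with the logging needed to see the denials; the syslog collector address 192.168.1.50 is an assumption.

```text
! Added example (not from the original post): corrected outbound ACL for a
! PIX 6.3 inside interface. Unbind and remove the misordered list so the
! entries are re-added in the intended order.
no access-group inside_out_smtp in interface inside
no access-list inside_out_smtp
!
! 1. The legitimate mail server may send SMTP anywhere. This must come
!    before the blanket deny because the first matching entry wins.
access-list inside_out_smtp permit tcp host 192.168.1.9 any eq smtp
!
! 2. Everyone else is denied SMTP. "log" turns each hit into a 106100
!    syslog message (level 6, informational) that names the inside source
!    address and port, which is what identifies the infected machine.
access-list inside_out_smtp deny tcp any any eq smtp log
!
! 3. All other outbound traffic is still allowed. This is the entry the
!    post's list was missing; without it the implicit deny at the end of
!    the list drops every other outbound connection.
access-list inside_out_smtp permit ip any any
!
access-group inside_out_smtp in interface inside
!
! Send the denials somewhere they can be read. 106100 is informational, so
! the trap level must be at least that. The collector address is assumed.
logging on
logging timestamp
logging trap informational
logging host inside 192.168.1.50
! Without a syslog host, "logging buffered informational" followed by
! "show logging" on the PIX itself shows the same messages.
```

Once the rules are in place, the rogue host shows up as the repeated inside source address in the 106100 "denied tcp" messages for destination port 25; if "log" is left off the deny entry, the PIX instead emits 106023 deny messages for the same matches, which carry the source address as well but are not rate-summarised per flow.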