Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Email takes to much time to be sent

Status
Not open for further replies.
Guest_imported

Guest_imported

New member
Jan 1, 1970
0
0
0
I have a PIX 515 with 3 interfaces.
My MailServer ( a cobalt Raq4r) is in the DMZ.
My problem happend when i send email, it takes sometimes more than 30 sec for the mail to be sent to the Cobalt.
In my pix syslog, every time i send a mail (from my PC 172.18.100.125 - inside) i have this message twice :
%PIX-2-106001: Inbound TCP connection denied from 192.168.0.3/1114 to 172.18.100.125/113 flags SYN on interface dmz

192.168.0.3 is my MailServer

This a part of my PIX config

ip address outside 196.121.122.73 255.255.255.0
ip address inside 172.18.100.1 255.255.0.0
ip address dmz 192.168.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
arp timeout 14400
global (outside) 1 196.121.122.75-196.121.122.76
global (outside) 1 196.121.122.74
global (dmz) 1 192.168.0.10-192.168.0.20
nat (inside) 1 172.18.0.0 255.255.0.0 0 0
static (dmz,outside) 195.101.102.77 mailserver netmask 255.255.255.255 0 0
conduit permit icmp any any
conduit permit tcp host 196.121.122.77 eq smtp any
conduit permit tcp host 196.121.122.77 eq pop3 any
route outside 0.0.0.0 0.0.0.0 196.121.122.78 1

Thank in advance for your help.
olly@wanadoo.fr
 
Sort by date Sort by votes
It's a problem that came frident protocol.
Your email server try to ident the sender of the email.
It try to make a connection on port 113.
I don't look to much at your configuration but from what I understand you get out with a PAT (many internal address to few global address). Using Pat, you cannot create a conduit to permit inbound 113.
The only solution it's to disable ident on your email server or try to put a little timeout on ident.
Also, Cisco say somewhere that you can improve the speed of this problem creatind a DNS server with direct and reverse zone and in this DNS server to have entries for every address in use by pat (in your case 196.121.122.74, 196.121.122.75, 196.121.122.76). I try this but didn't came with improuvement that I expect.
On my linux email server I recompile pop3 server and I put ident timeout 0 and the speed had increase.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
146
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
146
Johnkite
Johnkite
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
121
nnaarrnn
nnaarrnn
Russtoleum
  • Locked
  • Question
Windows client can't connect to sonicwall l2tp server
Replies
0
Views
49
Russtoleum
Russtoleum
ISDPCMAN
  • Locked
  • Question
Cannot connect to TZ-215 Sonicwall appliance with web browser!
Replies
0
Views
52
ISDPCMAN
ISDPCMAN

Part and Inventory Search

Sponsor

Back
Top