Exchange 2000 with pix 506 2

Status
Not open for further replies.

dougnc

Programmer
Sep 2, 2001
62
US
I can send mail out, but nothing comes back. On the Exchange 2000 forum here someone suggested opening port 110. I only had 53 open. Could I be having a pix problem?

Here's my access list. I have a static routing 131 to the server. It works because comes up. But doug@dougnc.com doesn't.

access-list acl_out permit tcp any host 64.132.200.131 eq www
access-list acl_out permit udp any host 64.132.200.131 eq domain
access-list acl_out permit tcp any host 64.132.200.131 eq smtp
access-list acl_out permit tcp any host 64.132.200.132 eq www
access-list acl_out permit udp any host 64.132.200.131 eq 110
access-list acl_out permit tcp any host 64.132.200.131 eq pop3

Any help would be greatly appreciated.

BTW, I also have this, as per another post:

service resetinbound

Thanks!

Doug
 
You only need 110 open if you will be accessing your e-mail from the outside via pop.
I'm assuming you have applied this to the outside interface.
Also look at taking out the fixup protocol smtp command and see if it works.
 
Thanks. That's good to know.

Did a
no fixup protocol smtp 25. Didn't work.

I've got this in my setup.

access-group acl_out in interface outside

I'm sure it's working because the web-site access works. I also added this command, as per Cisco docs.

access-list acl_out permit tcp host 64.132.200.131 eq smtp any

Doug

 
I got it working. I finally realized it had to be in my Exchange 2000 setup.

But, I want to get mail from a broad range of users, including AOL, while still maintaining security. What's the difference between:

access-list acl_out permit tcp any host 64.132.200.131 eq smtp

and this:

access-list acl_out permit tcp host 64.132.200.131 eq smtp any

Also, no fixup smtp or fixup smtp?

Thanks!

Doug
 
Hi.

The default fixup smtp is recommended because it adds some protection.

You must use this:

access-list acl_out permit tcp any host 64.132.200.131 eq smtp

because it is not practical to select mail servers that will be allowed to send, unless you have another mail relay at the outside.

Bye
Yizhar Hurwitz
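
The two forms asked about above differ in which side the host and port apply to: a PIX extended ACL entry reads protocol, source [port], destination [port]. The Python sketch below is an added example, not part of any post in this thread. It assumes the ACL is checked against traffic arriving at the outside interface; the function names and the 198.51.100.7 peer address are constructed for illustration.

```python
# Added illustration: minimal matcher for the PIX extended ACL form
#   access-list <id> permit <proto> <source> [eq <port>] <destination> [eq <port>]
# Only the "any" / "host <ip>" address forms and "eq" seen in this thread are handled.
PORTS = {"smtp": 25, "www": 80, "pop3": 110, "domain": 53}

def _take_endpoint(tokens):
    """Consume one address spec plus optional 'eq <port>'; None means wildcard."""
    ip = None
    if tokens.pop(0) == "host":          # otherwise the token was "any"
        ip = tokens.pop(0)
    port = None
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        name = tokens.pop(0)
        port = PORTS.get(name) or int(name)
    return ip, port

def parse_ace(line):
    t = line.split()                     # t[1]=ACL id, t[2]=action, t[3]=protocol
    rest = t[4:]
    src = _take_endpoint(rest)           # source always comes first
    dst = _take_endpoint(rest)
    return {"action": t[2], "proto": t[3], "src": src, "dst": dst}

def matches(ace, pkt):
    """pkt = (proto, src_ip, src_port, dst_ip, dst_port)"""
    proto, sip, sport, dip, dport = pkt
    (a_sip, a_sport), (a_dip, a_dport) = ace["src"], ace["dst"]
    return (ace["proto"] == proto
            and a_sip in (None, sip) and a_sport in (None, sport)
            and a_dip in (None, dip) and a_dport in (None, dport))

def permitted(acl_lines, pkt):
    """First matching entry decides; no match falls through to the implicit deny."""
    for line in acl_lines:
        ace = parse_ace(line)
        if matches(ace, pkt):
            return ace["action"] == "permit"
    return False

MAIL = "64.132.200.131"
DEST_FORM = ["access-list acl_out permit tcp any host 64.132.200.131 eq smtp"]
SRC_FORM = ["access-list acl_out permit tcp host 64.132.200.131 eq smtp any"]

# Constructed packet: an Internet mail server connecting in to the Exchange host on port 25.
INBOUND_MAIL = ("tcp", "198.51.100.7", 40001, MAIL, 25)
# Constructed packet: source is the Exchange host's own address, source port 25.
FROM_SERVER = ("tcp", MAIL, 25, "198.51.100.7", 40001)
```

Only the first form matches mail delivered from arbitrary senders; the second matches packets whose source is the mail server itself with source port 25, which is not what inbound SMTP from the Internet looks like.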
 
Thanks. I'm going to clean up the pix programming this weekend, and I'll bear this in mind.

I'm even getting mail from AOL!

Doug
 