Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations biv343 on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Forward smtp to outside ip address 1

Status
Not open for further replies.
Bizounett

Bizounett

IS-IT--Management
Nov 25, 2008
62
CA
Hi,

I have a PIX506e, I want to forward all incoming SMTP (Port 25) to an external address. This is a Barracuda Spam firewall. After the successful scan he send back the E-Mail to the PIX but on the Port 26. I create a static for the port 26, and put the 26 as listen port in my mail server.

Then I try this for the port 25 :

static (inside,outside) tcp interface smtp x.x.x.x smtp netmask 255.255.255.255

But not work. Let me know if is it possible.

Thanks

Bizz
 
Sort by date Sort by votes
Hello Bizounett,

Try the code below.

Code: 
fixup protocol smtp 25-26

static (inside,outside) tcp interface smtp x.x.x.x smtp netmask 255.255.255.255

HTH

-Viconsul
 
Upvote 0 Downvote
Thanks for your answer but, the port 26 work great. Is the port 25 that I cannot forward to the external IP address.

I have

no fixup protocol smtp 25

If I leave

fixup protocol smtp 25

I have some trouble with authentication to the mail server from clients. Check my other post on that troble now fixed.

My concern is to forward smtp 25 to the outside IP address ?

Someone have an idea ?

Thanks
 
Upvote 0 Downvote
Bizounett,

Try this
Code: 
access-list inside-out permit tcp host x.x.x.x any eq smtp
Where inside-out is your outbound traffic acl and x.x.x.x is your internal smtp server ip.

HTH

-Viconsul
 
Upvote 0 Downvote
Can you clarify how this is setup?? Is the spam filter a hosted appliance?? I've never used a Barracuda before, but perhaps the way to do this is to direct your MX records to the address of the barracuda and then within the barracuda you would identify your public ip address as the final destination. I'm not sure what messaging platform you are using and I'm not sure if you're filtering outbound e-mail through the appliance, but you should be able to smart host all outbound e-mail through the barracuda. I hope I'm making sense and understanding your scenario.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
Viconsul,

If my understand is well, you want to permit my inside mail server to go out on port 25 ? I have an access list 100 for the inbound traffic but outbound acl ? I guess I don't have one, is it possible ?

BTW, I want it to be that the pix will be forward the port 25, not my mail server. I don't have any config in my mail server to forward ports.

Let me know if I'm in the rigth way.

Thanks

Bizounett
 
Upvote 0 Downvote
unclerico,

The Barraccuda is a spam firewall. All incoming mail go to the Barraccuda, check the mail and forward it on a choosen smtp port to the mail server. In my case is the port 26.

The MX reccord, yes I thougth it, but the Barraccuda is not in the same building and I want te be able to change quickly the config if something happen to the Barraccuda. I have 5 domanis on my mail server and I don't want to have downtime cause by the MX change.

Bizounett
 
Upvote 0 Downvote
I understand. Tell me if I've got your scenario down:
1) Remote user e-mails bizounett@contoso.com
2) The PIX receives the mail on port 25
3) The mail will automatically be redirected to the external IP of the Barracuda
4) The Barracuda scans the e-mail
5) If the scan passes it redirects the mail back to the original destination but this time using port 26

If this is the case, I know of no way to do this by solely using the PIX to redirect the content. Perhaps SuperG does.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
unclerico,

Yes sir. You have the good scenario.

You thik it's impossible, It was my fear too !

I'll wait if SuperG have in idea on that case.

Thanks for your help
 
Upvote 0 Downvote
I know that you don't want to use the MX record alternative, but doing it this way you will be using a lot more bandwidth by receiving e-mails twice. It's a tradeoff and depending on your mail volume you might notice a pretty big spike in usage. Just a thought...

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
unclerico,

Finally I use the MX. I'm with zoneedit and I can put more than one MX reccord. Then I put the Barracuda first and my mail server in second. It's work like a charm.

Thanks for your help

Bizz
 
Upvote 0 Downvote
good to hear

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
809
Sameer258
Sameer258
XLNTech1
  • Locked
  • Question
iptables port forwarding
Replies
0
Views
597
XLNTech1
XLNTech1
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
674
Johnkite
Johnkite
Russtoleum
  • Locked
  • Question
SW GVC won't route traffic through sonicwall to offsite tunnel unless it leases an ip on the same su
Replies
1
Views
198
Russtoleum
Russtoleum
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
598
nnaarrnn
nnaarrnn

Part and Inventory Search

Sponsor

Back
Top