PIX 506 vs MS Exchange

[Guest_imported]

I have a PIX 506 and a MS Exchange server 5.5 in the inside interface.
I can receive mail from Hotmail but I cannot receive them from other origins.

 

[Pcarcary]

Hi

by your question I assume you mean that you can collect mail from hotmail through the pix? If this is so it is probably due to an existing global statement, allowing an inside user out for 'most any purpose. it is not related to no SMTP mail in for exchange

In the simplest of terms there are 3 things to do

you need to define a static mapping on the pix between the public address your mailserver is known by from your MX records
you need to create a conduit to that address from "any" so that internet based smpt servers can connect to you and transfer mail
you probably need to define the pix as the default gateway for the mailserver

Hope this helps

 

[Bluecrack]

PCarcary is right, if the problem is that you can send mail to a hotmail account from the MS Exchange server inside the firewall but not receive any mail from the Internet.

However, if the case is that you can receive mail in Exchange from Hotmail but not from other mail servers, then it could be a problem with the IDENT protocol. I ran into this recently. The PIX, by default, blocks all inbound traffic and some mail servers use the IDENT protocol in SMTP sessions to gather more info about your server. What happens is the other server uses IDENT To get info about your server and pix blocks the IDENT packets so the other mail server has to wait for the IDENT protocol to timeout before proceeding with the SMTP session. The command "service resetinbound" will reset the IDENT session and allow the SMTP session to continue without timing out.

The following article explains more and decribes how to verify that this is the problem.

http://www.cisco.com/warp/public/110/2.html

Hope this helps.