Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Port Forwarding SMTP to another E-mail Server

Status
Not open for further replies.

ChrisFrez

MIS
Oct 30, 2001
4
US
I put a Spam server inline with my current Exchange server. I changed my MX records in my DNS to allow mail to hit my Spam server first before my Exchange. This is only catching 40-50% of the Spam that is coming in - a lot of the spam is sent straight to my Exchange server.

I'm running a Cisco Pix 515E OS 6.3(1). I need to setup a port forward from my Exchange server to my Spam server. Basically if any e-mail is sent from the outside directly to my Exchange server, that it will automatically be forwarded through my Spam Server first.

How do I go about doing this. I'm using the Cisco Pix Device manager though the web to Administrate the PIX. Any help would be much appreciated! :)
 
What you need to do is remove the MX record pointing to your exchange server. If you are filtering mail then you want to filter everything so there is no reason for an MX record pointing to your exchanger server, that creates a whole where mail can bypass the spam server.
 
I would leave both MX record in for redundancy. If one server is down, the other will still be able to receive mail. MAKE SURE THE SPAM SERVER HAS A LOWER PRIORITY IN YOUR DNS MX RECORD. Mails will connect to your spam server first and then if that's down, it will try the server.

Most spam software will not catch all spam emails.

 
I've already got the MX records setup properly. I've got my Spam server as an MX 10 and my Exchange server as MX 20. The problem is not all my mail coming in is hitting the Spam Server first - it's going directly to the Exchange server. I'm running a Whitelisting Challenge/Response type Spam server and this catches everything.

This is the reason why I need to know how to setup some sort of port forwarding through my PIX. So if any mail is trying to directly connect with my Exchange server, it re-directs it to my Spam server.
 
Like I said you need to remove the MX record for exchange otherwise you will always receive mail on exchange. The PIX will not be able to do anything since you would need two different static translations for the same host and that is not possible. Let us assume MX record for spam is 123.123.123.123 and the MX record for exchange is 123.123.123.124. Spam has IP address 10.1.1.1 you would need:

static (inside, outside) 123.123.123.123 10.1.1.1 netmask 255.255.255.255
static (inside, outside) 123.123.123.124 10.1.1.1 netmask 255.255.255.255

and that is not possible. Besides if you want to filter ALL mail why would you need an MX record for exchange?
 
I agree that you need to remove your exchange server's MX record. A better alternative would be to setup a second incoming spam filter server. I'm assuming you set it up on Linux and then create a new MX record for it. Then have both incoming mail servers setup to forward to your Exchange server.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top