SMTP from DMZ to mail server also on DMZ fails 1

[skeelm]

I am a PIX 515 newbie and would appreciate any help with this problem.

I have a mail server and a web server on the DMZ. People can access our website and request information. The request is e-mailed to an internal mailbox. Problem is - mail doesn't arrive. I have analysed the packets and basically the problem is the webserver put out a DNS (DNS is hosted externally) query for the mail server. The reply gives the global address of the mail server. The webserver tries to contact the mail server using the global address, but never gets a response.

I have tried adding the following command -

alias (dmz) 10.10.10.100 195.194.33.200 255.255.255.255

and sysopt noproxyarp dmz

but this makes no difference.

My supplier seems unable to provide a solution, so I am at a loss!!!!

Thanks in advance,

Mike

 

[tbissett]

Instead of the DNS doctoring method for this command, give the Destination NAT version a try:

alias (dmz) 195.194.33.200 10.10.10.100 255.255.255.255

You can also disable the sysopt noproxyarp dmz command

Or, did you already try that?

 

[yizhar]

HI.

You can solve it at the application layer.
Simply configure the web server SMTP service to forward all (or just @yourdomain) mail to the ip of your mail server.
That's it.
You can remove the unneeded "alias" command.


Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

 

[skeelm]

I have tried both suggested fixes, but decided to try them again in case I slipped up the first time. Still does not work. I am begining to suspect that the problem is with the webserver.

 

[skeelm]

Well Yizhar was right!

Once our webmaster had corrected his script(!), mail from the webserver started to arrive.

Thanks Yizhar, your assistance is very much appreciated.

Mike.