Joe_27
Unable to forward SMTP Traffic on DMZ
I'm currently using Win Srv 2003 Web Ed for my web server. I have a form in which the results are sent to me via Email. However, I'm not receiving those emails. They are just sitting in queue. My server is attached to the DMZ of a Cisco PIX 515E firewall. Do I need to have a policy to allow SMTP traffic to travel from and to the webserver, for emails to send?
ASKER
It used to send emails under our old firewall, but since we went with Cisco it doesn't work now. So the ports would need to be opened for the DMZ on the firewall?
Hi Joe_27,
Because the mail is sitting "in queue", it appears that the host is unable to connect with the e-mail server.
From the Win server, try to ping the e-mail system and then do a traceroute to it.
If both are successful, the messages are probably being blocked by a firewall. The traceroute MAY stop at the firewall, depending on what is being let through so this won't be a definitive test.
Good Luck,
Kent
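An added example, not part of any post in this thread: ping and traceroute do not exercise TCP port 25, so a direct connection attempt from the web server separates a silent firewall drop from a refusal or a working listener. The function name `probe_smtp` and its status labels are made up for this sketch, and the target host is whatever mail server you pass on the command line.

```python
import socket
import sys


def probe_smtp(host, port=25, timeout=5.0):
    """Classify one TCP connection attempt to an SMTP listener.

    Returns (status, detail); status is one of:
      'open'      - handshake completed and a 220 greeting was read
      'no-banner' - handshake completed, but no 220 greeting followed
      'refused'   - reset received: path works, nothing accepts on that port
      'filtered'  - no answer before the timeout (typical of a silent drop)
      'error'     - DNS failure, no route, or another socket error
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("filtered", "no reply within %.1fs" % timeout)
    except ConnectionRefusedError:
        return ("refused", "connection actively refused")
    except OSError as exc:
        return ("error", str(exc))

    with sock:
        try:
            # An SMTP server speaks first; one read is enough for the greeting.
            banner = sock.recv(512).decode("ascii", "replace").strip()
        except socket.timeout:
            return ("no-banner", "connected, but no greeting received")
        except OSError as exc:
            return ("error", str(exc))

    if banner.startswith("220"):
        return ("open", banner)
    return ("no-banner", banner or "connection closed without greeting")


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: probe_smtp.py <mail-server> [port]")
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    status, detail = probe_smtp(sys.argv[1], target_port)
    print("%s:%d -> %s (%s)" % (sys.argv[1], target_port, status, detail))
```

A `filtered` result from the DMZ host, with `open` from a host outside the firewall, points at the firewall policy rather than the SMTP service.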
Has this worked before (with the PIX)? If not, then it may be a config problem with the DMZ interface on the PIX. Is the mail server trying to send outbound email, receive inbound email, or both? Can you post a copy of your PIX config (remove any sensitive info, like passwords)?
ASKER
This webserver is trying to send outbound mail with IIS' SMTP service. This webserver worked with a different firewall other than the PIX. So I don't know if it was set up to do SMTP traffic outbound from the DMZ.
Kent, as far as it trying to communicate to our main mail server, I had it set to not allow DMZ traffic to touch the internal network.
Hi Joe_27.
Bingo. You had the mail server set to not allow DMZ traffic, which I assume is your VPN or through firewall.
Try Pascal666's suggestion. If that doesn't work, we've got more work to do.
What does your network look like? (forgive the grammar.)
Kent
Hi Joe,
Is the web server in the DMZ trying to send email to a mail server on your internal network?
Check to make sure you have a line like this:
static (inside,dmz) <IP range of internal network> <IP range of internal network> netmask 255.255.255.0
If you post your config without passwords and external IPs we can probably help a little more.
--Chris
ASKER
Actually, I want it to send mail to an address outside my network.
Depending on your e-mail implementation, any of several mail ports may need to be opened. SMTP, POP3, IMAP, etc.
Kent