Pix 501 Email receive issue

Dear All,

Am having problem setting up a Pix 501 on a small home office network. WAN port is currently holding the MX address for my domain (100.X.X.175) and the LAN port (192.168.1.1) sits on the same switch as the Exchange server (192.168.1.3).

There is no problem setting up the basic system and am using PAT to send all Inside information to the outside using the outside interface, so email out has no problem.

The issue is receiving email to the exchange server. Have entered the following commands that I believed would be enough (rest of the set-up prior to these commands could have been achieved by PDM or on command line and have tried both just in case).
<<<<<>>>>>>
static (inside,outside) tcp 100.X.X.175 25 192.168.1.3 25 netmask 255.255.255.255

access-list permit_mail_in permit tcp any host 100.X.X.175 eq 25
access-group permit_mail_in in interface outside

no fixup protocol smtp 25     (have tried with or without)
<<<<<<>>>>>>

I am somewhat stumped now any clues on what I may have missed??
Thanks
Jon


JonE_BravoAsked:
Who is Participating?
 
martapConnect With a Mentor Commented:

Yes he did Alex, he used the port number (25).

Jon, did you try rebooting the PIX?

It could also be that your ISP is blocking direct access to port 25. My ISP does this, to solve the ISP wants that you put in an secondary MX record that points to their mail server. Once the mail is received by their mail server they do some spam checking and sends the mail to the primary mx which is your server.

You might want to look into that.

GoodLuck !

Marvin
0
 
alex_yalaCommented:
Hi Jon,

Just a little changes on the static will fix it actually

static (inside,outside) tcp 100.x.x.175 smtp 192.168.1.3 smtp netmask 255.255.255.255 0 0

You did not specified what TCP traffic is PAT into your Exchange server.
The secure way of doing it is to specified the particular traffic to the static command, such as SMTP, WWW, HTTPS, etc


the access-list and access-group are fine.

Again on the fixup, preferably to put the fixup ON, otherwise outside people will know what sort of Email system you are using.

Good Luck,

Alex.
0
 
martyboyCommented:
Get someone to telnet to port 25 from outside. Can they connect to the exchange?

If the isp blocked port 25 you shouldnt be able to send mail from your system. But you state that you can so isp shouldnt be the issue if one
way direction works.
0
 
JonE_BravoAuthor Commented:
Thanks Marvin - it was an error from the ISP end which we could not see.

It turned out to be bad timing for putting in a different firewall and it just made me think I had gone mad.

Everything is good now - points to you for the correct source. And thanks to others for having a look.

Cheers

Jon
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.