Pix 501 Email receive issue

Posted on 2005-04-12
Medium Priority
Last Modified: 2010-04-09
Dear All,

I am having a problem setting up a Pix 501 on a small home office network. The WAN port is currently holding the MX address for my domain (100.X.X.175) and the LAN port ( sits on the same switch as the Exchange server (

There is no problem setting up the basic system and am using PAT to send all Inside information to the outside using the outside interface, so email out has no problem.

The issue is receiving email to the exchange server. Have entered the following commands that I believed would be enough (rest of the set-up prior to these commands could have been achieved by PDM or on command line and have tried both just in case).
static (inside,outside) tcp 100.X.X.175 25 25 netmask

access-list permit_mail_in permit tcp any host 100.X.X.175 eq 25
access-group permit_mail_in in interface outside

no fixup protocol smtp 25     (have tried with or without)

I am somewhat stumped now. Any clues on what I may have missed?

Question by:JonE_Bravo

Expert Comment

ID: 13768071
Hi Jon,

Just a little change to the static will fix it, actually:

static (inside,outside) tcp 100.x.x.175 smtp smtp netmask 0 0

You did not specify what TCP traffic is PAT'ed into your Exchange server.
The secure way of doing it is to specify the particular traffic in the static command, such as SMTP, WWW, HTTPS, etc.

The access-list and access-group are fine.

Again, on the fixup, it is preferable to put the fixup ON; otherwise outside people will know what sort of email system you are using.

Good Luck,


Accepted Solution

martap earned 2000 total points
ID: 13771679

Yes he did Alex, he used the port number (25).

Jon, did you try rebooting the PIX?

It could also be that your ISP is blocking direct access to port 25. My ISP does this; to solve it, the ISP wants you to put in a secondary MX record that points to their mail server. Once the mail is received by their mail server, they do some spam checking and send the mail to the primary MX, which is your server.

You might want to look into that.

Good luck!


Expert Comment

ID: 13771985
Get someone to telnet to port 25 from outside. Can they connect to the exchange?

If the ISP blocked port 25, you shouldn't be able to send mail from your system. But you state that you can, so the ISP shouldn't be the issue if one-way direction works.
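
The outside-in check suggested in this thread (telnet to port 25), as an added example that is not part of the original posts: it separates a refused connection, a silently dropped one, and an answering mail server, and flags a greeting that looks masked by the SMTP fixup. The function names are hypothetical, the banners are constructed, a loopback listener stands in for the mail server, and it is an assumption that a masked greeting appears mostly as asterisks.

```python
import socket
import threading

def probe_smtp(host, port=25, timeout=5.0):
    """Do what 'telnet host 25' does and classify the outcome."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", ""       # something answered with a reset
    except socket.timeout:
        return "filtered", ""      # no answer at all: dropped somewhere on the path
    except OSError as exc:
        return "error", str(exc)
    with sock:
        try:
            banner = sock.recv(512).decode("ascii", "replace").strip()
        except socket.timeout:
            return "no-banner", "" # TCP connected, but no greeting arrived
    if not banner.startswith("220"):
        return "unexpected", banner
    text = banner[3:].strip()
    # Assumption: the SMTP fixup shows up as a greeting made mostly of '*'.
    if text and text.count("*") / len(text) > 0.5:
        return "open-masked", banner
    return "open", banner

def serve_banner_once(banner):
    """Constructed stand-in for the mail server: send one banner, then close."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner.encode("ascii") + b"\r\n")
        srv.close()
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    # Constructed banners; point probe_smtp at the real outside address when testing.
    for b in ("220 mail.example.test ESMTP ready", "220 ****************0*2***"):
        port = serve_banner_once(b)
        print(probe_smtp("127.0.0.1", port, timeout=2.0))
```

Run it from a host outside the firewall: "filtered" or "refused" while outbound mail still works points at the inbound path (static, access-list, or an upstream block) rather than at the Exchange server itself.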

Author Comment

ID: 13772594
Thanks Marvin - it was an error from the ISP end which we could not see.

It turned out to be bad timing for putting in a different firewall and it just made me think I had gone mad.

Everything is good now - points to you for the correct source. And thanks to others for having a look.




Question has a verified solution.
