We have a Barracuda spam appliance in our network. As you can see from the configuration of our PIX 506e below, e-mail is forwarded to the Barracuda (IP 10.10.10.12) and then from there it is sent on to our mail server at 10.10.10.10. That works fine.
The firewall WAN address is 220.127.116.11.
Our MX record for mail.mydomain.com resolves to public IP address 18.104.22.168.
A PTR record exists for address 22.214.171.124 to mail.mydomain.com.
But when we send mail from our mail server 10.10.10.10 it is sent via the firewall WAN address of 126.96.36.199, and as a consequence reverse lookup fails (it should return mail.mydomain.com). Therefore many mail servers reject our e-mail because of their policy that reverse lookup must succeed.
How do I configure my PIX so that:
1. Incoming mail will go to the Barracuda at 10.10.10.12
2. Outgoing mail from 10.10.10.10 will be sent via 188.8.131.52
3. AND I can still use the HTTPS service on the mail server?
This is my current configuration:
name 10.10.10.12 BARRACUDA
name 184.108.40.206 mail.mydomain.com
name 10.10.10.10 MAILSERVER
access-list outside_access_in permit tcp any host mail.mydomain.com eq smtp
access-list outside_access_in permit tcp any host mail.mydomain.com eq https
static (inside,outside) tcp mail.mydomain.com smtp BARRACUDA smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp mail.mydomain.com https MAILSERVER https netmask 255.255.255.255 0 0