PIX 506e reverse lookup MX record with Barracuda
Posted on 2006-05-10
We have a Barracuda spam appliance in our network. As you can see from the configuration of our PIX 506e below, e-mail is forwarded to the Barracuda (IP 10.10.10.12) and then from there it is sent on to our mail server at 10.10.10.10. That works fine.
The firewall WAN address is 126.96.36.199
Our MX record for mail.mydomain.com resolves to public IP address 188.8.131.52
A PTR record exists for address 184.108.40.206 to mail.mydomain.com
But when we send mail from our mail server 10.10.10.10 it is sent via the firewall WAN address of 220.127.116.11, and as a consequence reverse lookup fails (it should return mail.mydomain.com). Therefore many mail servers reject our e-mail because of their policy that reverse lookup must succeed.
How do I configure my PIX so that:
1. Incoming mail will go to the Barracuda at 10.10.10.12
2. Outgoing mail from 10.10.10.10 will be sent via 18.104.22.168
3. AND I can still use the https service on the mail server?
This is my current configuration:
name 10.10.10.12 BARRACUDA
name 22.214.171.124 mail.mydomain.com
name 10.10.10.10 MAILSERVER
access-list outside_access_in permit tcp any host mail.mydomain.com eq smtp
access-list outside_access_in permit tcp any host mail.mydomain.com eq https
static (inside,outside) tcp mail.mydomain.com smtp BARRACUDA smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp mail.mydomain.com https MAILSERVER https netmask 255.255.255.255 0 0
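
The rejection described in the post comes from the receiving server's reverse-DNS test on the address the connection arrives from. As an added example (not part of the original post), the Python check below applies that test to an egress address, so a NAT change can be verified before mail is sent through it. The 203.0.113.x addresses and sample records are constructed, the function names are hypothetical, and the sample assumes the firewall WAN address has no PTR record.

```python
import socket

def ptr_names(ip):
    """Reverse (PTR) lookup via the system resolver; [] when no record exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name] + list(aliases)

def a_records(name):
    """Forward (A) lookup via the system resolver; [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_sender(source_ip, expected_name, reverse=ptr_names, forward=a_records):
    """Run the check a receiving mail server applies to the connecting address.

    Returns (ok, reason). The resolvers are injectable so the logic can be
    exercised offline; by default the system resolver is used.
    """
    expected = expected_name.rstrip(".").lower()
    names = [n.rstrip(".").lower() for n in reverse(source_ip)]
    if not names:
        return False, "no PTR record for %s" % source_ip
    if expected not in names:
        return False, "PTR for %s is %s, not %s" % (source_ip, names[0], expected)
    if source_ip not in forward(expected):
        return False, "%s does not resolve back to %s" % (expected, source_ip)
    return True, "forward-confirmed reverse DNS matches"

# Constructed sample data: documentation addresses, not the addresses in the post.
WAN_IP = "203.0.113.2"     # stands in for the firewall WAN address (assumed: no PTR)
MAIL_IP = "203.0.113.25"   # stands in for the address that has the PTR record
SAMPLE_PTR = {MAIL_IP: ["mail.mydomain.com."]}
SAMPLE_A = {"mail.mydomain.com": [MAIL_IP]}

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(name):
    return SAMPLE_A.get(name, [])

if __name__ == "__main__":
    # Outbound mail leaving from the WAN address fails; from the mail address it passes.
    for ip in (WAN_IP, MAIL_IP):
        print(ip, check_sender(ip, "mail.mydomain.com", sample_reverse, sample_forward))
```

Called with only the first two arguments, `check_sender` queries live DNS, so it can be pointed at the real egress address and host name once the translation is changed.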