Ipsec60
asked on
Authenticated SMTP configuration through PIX firewall
We are using windows 2003 to configure SMTP server. In our existing environment we want to configure a SMTP server which will allow relay to authenticated domain users from internet only. SMTP server is inside the PIX firewall and we have statically mapped with a Public IP. We have opened the port 25 for this public IP from outside.
When I use private IP of the SMTP server to send and receive mail it works smoothly but when I try to connect with the Public IP it say’s “Unable to relay” and “authentication fails”.
The configuration which I have done in the SMTP server i.e. simply I have installed SMTP service and Default SMTP virtual Server>Properties>Access>S
And Delivery>advanced>fully qualified domain name>smtp2.domainname.com (here smtp2.domain name is register in the ISP with A record)
And SMART Host>points to Front end server (in the front end server I have enable relay for the new SMTP server with its local IP address.)
How authentication goes on for this SMTP service.
Do I have to open any other port other than 25? And what configuration that I am missing in my new SMTP server; for that it is not accepting any request from Internet.
When I use private IP of the SMTP server to send and receive mail it works smoothly but when I try to connect with the Public IP it say’s “Unable to relay” and “authentication fails”.
The configuration which I have done in the SMTP server i.e. simply I have installed SMTP service and Default SMTP virtual Server>Properties>Access>S
And Delivery>advanced>fully qualified domain name>smtp2.domainname.com (here smtp2.domain name is register in the ISP with A record)
And SMART Host>points to Front end server (in the front end server I have enable relay for the new SMTP server with its local IP address.)
How authentication goes on for this SMTP service.
Do I have to open any other port other than 25? And what configuration that I am missing in my new SMTP server; for that it is not accepting any request from Internet.
ASKER
I am using for authentication Domain name/Username with the option my server requires authentication.
I did not get disabling fixup SMTP in the PIX because if I do it then it will disable port 25 for my other entire SMTP server.
Would you please suggest me more detail steps and procedure to complete the task.
I did not get disabling fixup SMTP in the PIX because if I do it then it will disable port 25 for my other entire SMTP server.
Would you please suggest me more detail steps and procedure to complete the task.
Disabling fixup SMTP does not disable port 25. It turns off the MAIL GUARD feature which causes more problems than it fixes.
I standby my advice to turn off the fixup SMTP option on the PIX.
Is this an Exchange server or a standalone IIS server? It isn't clear from your question.
Do the SMTP logs show an attempt to authenticate?
Simon.
I standby my advice to turn off the fixup SMTP option on the PIX.
Is this an Exchange server or a standalone IIS server? It isn't clear from your question.
Do the SMTP logs show an attempt to authenticate?
Simon.
ASKER
Excellent advice!! it works when I turnoff the fixup SMTP option on the PIX; I could send and receive mail and I am using standalone IIS server. Please advice me if I turnoff fixup SMTP on the PIX will it create any problem in my existing infrastructure regarding Spam mail or any vurnabilities? I mean what are are vurnabilities if I turnoff fixup SMTP option on the PIX.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
username
domain/username
username@domain
something else?
I woudl salso suggest disabling fixup SMTP in the PIX as that gets in the way.
Simon.