Pix config question
Posted on 2007-10-04
In the past I had one email server and sent/received all email through it. Now I have a 'relay' server (on my LAN) that accepts all inbound/outbound mail for the purposes of SPAM filtering. This is working fine with one exception.
Let's call the two servers email and relay. Let's say I have two external IPs, one that all of my clients are NAT/PATed out to that is the 'global' IP that is exposed to the internet (188.8.131.52) and one that all of my email comes in/out of (184.108.40.206). All email comes into mail.domain.com which has a DNS record pointing to 220.127.116.11.
Now that I have all email traffic going to the relay server I had to make port-specific translation rules on my PIX as below:
25 goes to relay
80 goes to mail for Outlook web access
443 goes to mail for SSL Outlook web access
110 goes to mail for pop3
The issue is that once I put in these 'port specific' translation rules on the PIX the publicly exposed global IP 18.104.22.168 is being used as the 'source' address instead of the mail 22.214.171.124 address. So whenever an email server does a reverse DNS lookup it is expecting to see 126.96.36.199 and it is instead seeing 188.8.131.52 as the source address of my email, so it is getting rejected.
Is there a way to tell the PIX to use external IP 184.108.40.206 for the relay server instead of the global IP of 220.127.116.11? I know this is done if I use a 'blanket' translation rule, but I need it to be done with port-specific access rules.
Thanks in advance.
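The configuration below is an added illustration of the problem described in the post and of one standard PIX answer to it; it is not the poster's configuration. A port-specific `static` only translates the listed port, so a connection the relay opens on its own (outbound SMTP, random source port) matches no static and falls through to the general `nat (inside) 1` / `global (outside) 1` PAT, which is why receiving MTAs see the global address. Policy NAT (a `nat` statement tied to an access-list, PIX 6.3 and later) sits between the statics and the general PAT in the PIX lookup order, so it can source just the relay's outbound port-25 traffic from the mail address while the port statics stay as they are. The inside addresses 192.168.1.10 (mail) and 192.168.1.20 (relay), the name RELAY-SMTP-OUT and the NAT id 2 are assumptions; the external mail address 184.108.40.206 is taken from the post.

```cisco
! --- Problem configuration (as the post describes it) ---
! Everyone on the LAN is PATed out through the global address.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 188.8.131.52
! Port-specific statics on the mail address; these only cover the listed ports,
! so the relay's own outbound SMTP connections are NOT matched here.
static (inside,outside) tcp 184.108.40.206 smtp  192.168.1.20 smtp  netmask 255.255.255.255
static (inside,outside) tcp 184.108.40.206 www   192.168.1.10 www   netmask 255.255.255.255
static (inside,outside) tcp 184.108.40.206 https 192.168.1.10 https netmask 255.255.255.255
static (inside,outside) tcp 184.108.40.206 pop3  192.168.1.10 pop3  netmask 255.255.255.255

! --- Fix: policy NAT for the relay's outbound SMTP only (assumed names/ids) ---
! Match outbound port-25 connections sourced from the relay.
access-list RELAY-SMTP-OUT permit tcp host 192.168.1.20 any eq smtp
! A second NAT id (2 is assumed unused) bound to that access-list...
nat (inside) 2 access-list RELAY-SMTP-OUT
! ...with the mail address as its global pool, so those sessions are PATed to 184.108.40.206.
global (outside) 2 184.108.40.206
! Everything else from the LAN, including the relay's non-SMTP traffic, still uses global 1.
```

After applying it, open an outbound SMTP session from the relay and check `show xlate` (and `show nat` on 7.x) to confirm the translation is built to 184.108.40.206 rather than the global address; the receiving MTA's PTR check then resolves the address that mail.domain.com's A record already points to. On PIX 7.x the access-list line may be entered as `access-list RELAY-SMTP-OUT extended permit ...`; the non-`extended` form is accepted on both 6.3 and 7.x. The NAT id used for the policy statement must be one that is not already used by another `nat`/`global` pair.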