ASA and setting outbound email IP

We are using the Cisco ASA and using Exchange server. Currently our MX record points to another server that forwards mail to the inside Exchange server. What I want to do is make that when mail is sent out from Exchange that the ASA uses the same IP as what's on the MX record instead of the firewall IP. This is to make sure that any email servers that do reverse MX lookups will accept our mail properly. How would I best accomplish this via NAT - would I make a global pool for the outside IP? I thought a static one to one would work but I'm not sure that's correct. I get a little confused when talking about Dynamic NAT since I thought Dynamic was one to many and I would think a NAT from the Exchange server to an outside IP would be one to one? I'm probably confusing myself the more I type - any suggestions greatly appreciated!!
entserv Asked:
grblades Commented:
AOL are not that bad. You can register with their spam complaints department and any mail that you send which people class as spam gets reported to you as well so you can go through and remove them from mailing lists manually.

Hotmail are by far the worst. They can decide to start classifying you as a spammer and all mail gets accepted and automatically deleted without going into the user spam folder. They refuse to whitelist or give any information why the sender is being blocked. I have seen a few people having Hotmail issues like this.
0
 
grblades Commented:
What you are asking is not necessary. The only important thing is that when your server sends mail outside the name it gives in the HELO/EHLO command matches the IP address it is connecting from. A reverse DNS lookup on the IP should also refer back to the same name.
Having a different set of servers for receiving and sending mail is extremely common and so it would not be expected that the server sending mail from a domain would be in the MX list for that domain.


How would you like to proceed?
If you post your pix configuration I can give you the commands to do as you originally asked or if you are having a problem with some of your mail being classed as spam or rejected I can help you out with that as well.
0
 
entserv Author Commented:
Well that's what I would have expected too.  What I believe happened - and this was a few years ago - but we had problems sending emails to AOL (I'm porting over the setup from another firewall to the ASA).  After a little investigation I saw some information that indicated that AOL would only accept email from a site where the MX record is the same as the outbound email IP.  Once we changed that we had no difficulty.  I believe that was the only provider we had issues with.  I believe it was related to trying to combat spam - perhaps that's been changed now.  Does this make sense what I'm describing?
0
 
grblades Commented:
It is possible. If it was a few years ago then it would definitely have changed since SPF has been established since then and AOL would use it. SPF is where you publish a list of machines which are permitted to send email from your domain. Any mail pretending to be from your domain which does not come from a machine in that list can be rejected.

I have links and some info about this on my website at http://www.gbnetwork.co.uk:/mailscanner (whitelist section).
0
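The two checks described in the comments above (the HELO name matching the connecting IP through reverse and forward DNS, and SPF listing the permitted senders), as an added example that is not part of the original thread. All names, addresses and DNS data are constructed, the in-memory tables stand in for real DNS lookups, and only the `ip4`, `a`, `mx` and `all` SPF mechanisms are handled.

```python
import ipaddress

# Constructed DNS data (documentation address range); stands in for live lookups.
PTR = {"203.0.113.25": ["mail.example.com"],   # dedicated static NAT address
       "203.0.113.2": ["fw.example.com"]}      # firewall interface address
A = {"mail.example.com": ["203.0.113.25"],
     "fw.example.com": ["203.0.113.2"],
     "mx1.example.com": ["203.0.113.10"]}      # inbound relay named in the MX
MX = {"example.com": ["mx1.example.com"]}
TXT = {"example.com": "v=spf1 ip4:203.0.113.25 mx -all"}

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def fcrdns(ip, helo):
    """True if the HELO name is a PTR name of ip and resolves back to ip."""
    helo = helo.lower().rstrip(".")
    names = [n.lower().rstrip(".") for n in PTR.get(ip, [])]
    return helo in names and ip in A.get(helo, [])


def spf_check(ip, domain):
    """Evaluate the SPF record left to right; first matching mechanism wins."""
    terms = TXT.get(domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        if term.startswith("ip4:"):
            matched = addr in ipaddress.ip_network(term[4:], strict=False)
        elif term == "mx":
            matched = any(ip in A.get(h, []) for h in MX.get(domain, []))
        elif term == "a":
            matched = ip in A.get(domain, [])
        elif term == "all":
            matched = True
        else:
            raise NotImplementedError(f"mechanism not handled here: {term}")
        if matched:
            return RESULTS[qualifier]
    return "neutral"


if __name__ == "__main__":
    for ip in ("203.0.113.25", "203.0.113.2"):
        print(ip, fcrdns(ip, "mail.example.com"), spf_check(ip, "example.com"))
```

With this data the sender on 203.0.113.25 passes both checks without being the MX host, while the same server leaving from the firewall address fails both.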
 
entserv Author Commented:
We do have an SPF record so I think I'll see if that alone is enough, otherwise maybe I can check back later and go from there.  AOL has always been a tough provider to email to so it wouldn't surprise me if things are different now than even a few months ago.  Thanks for the help!
0
 
Computer101 Commented:
Forced accept.

Computer101
EE Admin
0
Question has a verified solution.
