[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Not receiving mail on exchange with port 25 open. Exchange 2003 / Pix 506e

Posted on 2007-10-13
4
Medium Priority
?
1,796 Views
Last Modified: 2013-11-16
We have our MX records set to deliver mail here as priority 5, then to the old host as priority 15. Once I get 25 open properly it should come in no problem. I turned off fixup protocol smtp, set a static rule to go to the exchange server (192.168.1.3), and allowed tcp traffic on port 25 through the ACL. I must be doing something wrong.

Here is my current configuration.

PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password e8dnxwQsFhiGPRPq encrypted
passwd e8dnxwQsFhiGPRPq encrypted
hostname twhouse.com
domain-name twhouse.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names        
access-list acl_out permit icmp any any
access-list acl_out permit tcp any host xxx.xxx.238.143 eq pptp
access-list acl_out permit gre any host xxx.xxx.238.143
access-list acl_out permit tcp any interface outside eq www
access-list acl_out permit udp any interface outside eq www
access-list acl_out permit tcp any interface outside eq https
access-list acl_out permit tcp any interface outside eq 993
access-list acl_out permit tcp any interface outside eq 123
access-list acl_out permit tcp any interface outside eq smtp
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 102 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
pager lines 24
logging on    
logging monitor debugging
logging buffered debugging
logging trap debugging
logging history debugging
logging host inside 192.168.1.3
icmp permit any outside
mtu outside 1500
mtu inside 1500
ip address outside xxx.xxx.238.143 255.255.255.128
ip address inside 192.168.1.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface www 192.168.1.3 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https 192.168.1.3 https netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 993 192.168.1.3 993 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 993 192.168.1.3 993 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 443 192.168.1.3 443 netmask 255.255.255.255 0 0
static (inside,outside) udp interface www 192.168.1.3 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface pptp 192.168.1.3 pptp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface smtp 192.168.1.3 smtp netmask 255.255.255.255 0 0
access-group acl_out in interface outside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.238.129 1
route inside 10.0.100.0 255.255.255.0 192.168.1.251 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community 0192837465
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map mymap 1 ipsec-isakmp
crypto map mymap 1 match address 102
crypto map mymap 1 set peer 72.149.219.154
crypto map mymap 1 set transform-set myset
crypto map mymap interface outside
isakmp enable outside
isakmp key ******** address 72.149.219.154 netmask 255.255.255.255
isakmp keepalive 10
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 1
isakmp policy 20 lifetime 86400
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh xxx.yyy.84.134 255.255.255.255 outside
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:c4d3eef28843bfb0d0465d7c9714712d
: end  


External IP addresses masked for security
Keith Alabaster
EE Page Editor
0
Comment
Question by:penningtonj
  • 2
  • 2
4 Comments
 
LVL 36

Assisted Solution

by:grblades
grblades earned 2000 total points
ID: 20071162
The PIX config looks fine. Try running the 'clear xlate' command.
0
 

Author Comment

by:penningtonj
ID: 20071184
That still didn't do it.

Here are the MX records ...

twhouse.com.      MX      IN      86400      twhexc.twhouse.com. [Preference = 5]
twhouse.com.      MX      IN      86400      mailserver.hollandcomputers.com. [Preference = 15]

Mail still comes through on the second server. I can telnet into port twenty five from within the network, but I can't from the outside. I'm not sure if I'm supposed to be able to from the outside, but thought I was add that piece of information.
0
 

Author Comment

by:penningtonj
ID: 20071403
Alright, the problem is that our ISP is blocking incoming on port 25.

We have access to another mail server outside the network. How can I have the admin of that server configure it to accept mail on 25, send it out an alternate port, and have my server accept it on that alternate port?
0
 
LVL 36

Accepted Solution

by:
grblades earned 2000 total points
ID: 20071479
Sorry for the late reply. EE was playing up for a while.

How to configure exhcnage to listen on a different port - http://support.microsoft.com/kb/274842

How to configure the other mail server on the internet will vary depending on what mail server software it is running.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
As managed cloud service providers, we often get asked to intervene when cloud deployments go awry. Attracted by apparent ease-of-use, flexibility and low computing costs, companies quickly adopt leading public cloud platforms such as Amazon Web Ser…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses
Course of the Month18 days, 6 hours left to enroll

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question