Allow SMTP on PIX firewall

Hi guys:
Our client moving outbound mail through Frontbridge
firewall rules to allow SMTP traffic on port 25 from the following IP address range:
 x.x.88.0/24 (x.x.88.0/24 = x.x.88.1 - x.x.88.254)
The firewall is PIX515E
Can someone please provide me with commands?
Also, is there any impact from this change on the current mail? I just need to allow those IPs now, and the actual change for moving the outbound mail will take place later.
modathir Asked:

sharedit Commented:
What is Frontbridge?
I don't understand. Are you saying outgoing SMTP is currently blocked?
And you want the IP range of 88.1-.254 to be able to send SMTP to Frontbridge?
Only Frontbridge?
Typically outbound SMTP is not blocked.
Please describe your setup.

Is 88.0/24 your only IP range?


0
modathir (Author) Commented:
Hi sharedit:
Frontbridge is Microsoft Exchange hosted services for spam filtering. Our incoming and outgoing mail will be through them. That range of IPs is their IPs. My question: do I need to allow these IPs on our firewall?
Check Frontbridge here: https://spam.frontbridge.com
Thanks
0
sharedit Commented:
Do you have an exchange server on site? Does frontbridge filter spam before it gets to your exchange server?  

There shouldn't need to be any commands put in for outgoing SMTP, unless it has been set up that way.

If you need to allow mail being forwarded to your Exchange server from the spam filter, you would use commands like:


config t
access-list 100 extended permit tcp any any eq smtp
access-group 100 in interface outside
static (inside,outside) tcp interface smtp (IP Address of your exchange server) smtp netmask 255.255.255.255
0

modathir (Author) Commented:
Yes, we do have an Exchange Server on site. Yes, Frontbridge filters the spam before it gets to our Exchange Server.
0
sharedit Commented:
If you currently have an Exchange server and it is receiving mail, I wouldn't think you should need to add any additional commands. You will want to have whoever hosts the DNS record for your domain change the MX record to point to FrontBridge. They will forward the mail to you after filtering.
0
modathir (Author) Commented:
Hi sharedit:
Currently we have the Exchange server and it is receiving mail fine.
The PIX settings for SMTP, POP3 and IMAP4 are as follows:
access-list acl_out extended permit tcp any host X.X.X.126 eq pop3
access-list acl_out extended permit tcp any host X.X.X.126 eq smtp
access-list acl_out extended permit tcp any host X.X.X.126 eq www
access-list acl_out remark exchange IMAP forwarding
access-list acl_out extended permit tcp any host X.X.X.126 eq imap4
Where X.X.X.126 is one of our WAN IPs
Thanks
0
sharedit Commented:
That will work also. Those look fine, as long as the access-group acl_out is applied to incoming traffic on the outside interface.

I don't think you will need to make any changes to the PIX. The only changes being made will be to your MX record.

0
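The source restriction the question asks for, as an added example that is not part of any post in this thread: it narrows inbound SMTP on the existing acl_out list to the Frontbridge range in two steps. It assumes acl_out is applied inbound on the outside interface, as noted above; x.x.88.0 and X.X.X.126 are the masked addresses from the thread and must be replaced with the real values.

```cisco
! Added example. x.x.88.0 and X.X.X.126 are the thread's masked addresses.
! PIX ACLs take a subnet mask (255.255.255.0), not a wildcard mask.
configure terminal
!
! Step 1 (can be done now): permit SMTP from the Frontbridge /24 to the
! mail host. A new ACE is appended to the end of acl_out, after the
! existing "any" SMTP rule, and ACLs are first-match, so current mail
! flow is unchanged.
access-list acl_out remark SMTP from Frontbridge filtering range
access-list acl_out extended permit tcp x.x.88.0 255.255.255.0 host X.X.X.126 eq smtp
!
! Step 2 (only after the MX record points to Frontbridge and mail is
! arriving through them): remove the broad rule so the mail host accepts
! SMTP only from the filtering service and senders cannot bypass the
! filter by connecting to X.X.X.126 directly.
no access-list acl_out extended permit tcp any host X.X.X.126 eq smtp
end
!
! Verify: the hitcnt on the Frontbridge ACE should rise as filtered
! mail is delivered.
show access-list acl_out
```

Until step 2 is applied, the existing `any` rule still matches first, so the hit counter on the new entry stays at zero even when mail arrives from Frontbridge.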

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.