Solved

Allow SMTP on Pix firewall

Posted on 2008-10-29
Last Modified: 2013-11-30
Hi guys:
Our client is moving outbound mail through Frontbridge
firewall rules to allow SMTP traffic on port 25 from the following IP address range:
 x.x.88.0/24 (x.x.88.0/24 = x.x.88.1 - x.x.88.254)
The firewall is PIX515E
Can someone please provide me with commands?
Also, is there any impact from this change on the current mail? I just need to allow those IPs, and the actual change for moving the outbound mail will take place later.
Question by:modathir

Expert Comment

by:sharedit
ID: 22835739
What is Frontbridge?
I don't understand. Are you saying outgoing SMTP is currently blocked?
And you want the IP range of 88.1-.254 to be able to send SMTP to Frontbridge?
Only Frontbridge?
Typically outbound SMTP is not blocked.
Please describe your setup.

Is 88.0/24 your only IP range?



Author Comment

by:modathir
ID: 22838035
Hi sharedit:
Frontbridge is Microsoft Exchange Hosted Services for spam filtering. Our incoming and outgoing mail will go through them; that range of IPs are their IPs. My question: do I need to allow these IPs on our firewall?
Check Frontbridge here: https://spam.frontbridge.com
Thanks

Expert Comment

by:sharedit
ID: 22841973
Do you have an Exchange server on site? Does Frontbridge filter spam before it gets to your Exchange server?

There shouldn't need to be any commands put in for outgoing SMTP, unless it has been set up that way.

If you need to allow mail being forwarded to your Exchange server from the spam filter, you would use commands like:


config t
access-list 100 extended permit tcp any any eq smtp
access-group 100 in interface outside
static (inside,outside) tcp interface smtp (IP Address of your exchange server) smtp netmask 255.255.255.255

Author Comment

by:modathir
ID: 22842674
Yes, we do have an Exchange Server on site. Yes, Frontbridge filters the spam before it gets to our Exchange Server.

Expert Comment

by:sharedit
ID: 22843179
If you currently have an Exchange server and it is receiving mail, I wouldn't think you should need to add any additional commands. You will want to have whoever hosts the DNS record for your domain change the MX record to point to FrontBridge. They will forward the mail to you after filtering.

Author Comment

by:modathir
ID: 22843453
Hi sharedit:
Currently we have the Exchange server and it is receiving mail fine.
The PIX settings for SMTP, POP3 and IMAP4 are as follows:
access-list acl_out extended permit tcp any host X.X.X.126 eq pop3
access-list acl_out extended permit tcp any host X.X.X.126 eq smtp
access-list acl_out extended permit tcp any host X.X.X.126 eq www
access-list acl_out remark exchange IMAP forwarding
access-list acl_out extended permit tcp any host X.X.X.126 eq imap4
Where X.X.X.126 is one of our WAN IPs
Thanks

Accepted Solution

by:
sharedit earned 500 total points
ID: 22843546
That will work also. Those look fine, as long as the access-group acl_out is applied to incoming traffic on the outside interface.

I don't think you will need to make any changes to the PIX. The only changes being made will be to your MX record.
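
An added example, not part of the thread: a Python check that reads PIX `access-list` / `access-group` lines, confirms the ACL is bound inbound on the outside interface (the condition in the accepted answer), and reports whether the filtering service's range is already permitted to reach SMTP and which SMTP permits are wider than that range. The sample config and the 192.0.2.x / 198.51.100.0/24 addresses are constructed stand-ins, not values from the question.

```python
import ipaddress
import re

# Constructed sample config; documentation address ranges, not the thread's real IPs.
SAMPLE_CONFIG = """\
access-list acl_out extended permit tcp any host 192.0.2.126 eq pop3
access-list acl_out extended permit tcp any host 192.0.2.126 eq smtp
access-list acl_out remark exchange IMAP forwarding
access-list acl_out extended permit tcp 198.51.100.0 255.255.255.0 host 192.0.2.126 eq smtp
access-group acl_out in interface outside
"""

def _take_addr(tokens):
    """Consume one PIX address spec: 'any', 'host A.B.C.D', or 'A.B.C.D MASK'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def smtp_sources(config, interface="outside"):
    """Source networks permitted to SMTP by ACLs applied inbound on `interface`."""
    pattern = rf"^access-group (\S+) in interface {re.escape(interface)}\s*$"
    bound = set(re.findall(pattern, config, re.M))
    sources = []
    for line in config.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list" or t[1] not in bound:
            continue  # not an entry of an ACL bound to this interface
        if t[2:5] != ["extended", "permit", "tcp"]:
            continue  # remarks, denies, non-TCP entries
        try:
            src, rest = _take_addr(t[5:])
            _dst, rest = _take_addr(rest)
        except (ValueError, IndexError):
            continue  # masked or malformed addresses (e.g. X.X.X.126) are skipped
        if rest[:2] in (["eq", "smtp"], ["eq", "25"]):
            sources.append(src)
    return sources

def audit(config, filter_net, interface="outside"):
    """Compare SMTP permits against the filtering service's source range."""
    allowed = ipaddress.ip_network(filter_net)
    srcs = smtp_sources(config, interface)
    return {
        "filter_permitted": any(allowed.subnet_of(s) for s in srcs),
        "wider_than_filter": [str(s) for s in srcs if not s.subnet_of(allowed)],
    }
```

With an `any` source on the SMTP rule, as in the config posted above, `filter_permitted` is already true before any change, and `wider_than_filter` lists the entries that accept SMTP from outside the filtering range.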
