jtennyson asked:

Problem with firewall accepting mail

We recently moved to a new office. I had a consultant set up the firewall. He was supposed to configure it exactly as the old one. He didn't, and now he cannot be reached.
Our MX record points to a SPAM filtering company.  They then send our mail to us.  For the first day they could not send us any mail.  Then I finally got the consultant to put in a change to fix it.  This morning I received this message from the SPAM company.

Still having issues delivering mail to your server consistently.  I currently have 85 messages in queue for your domain.  They have been slowly climbing.  

I see most mail is going through ok but some seems to be getting an error from your server/firewall:
 
2011-03-23T16:34:40.351358-04:00 dpout01 postfix/smtp[417]: 4E9E41C781FB: to=<drocha@rgrayclamps.com>, relay=mail.rgrayclamps.com[12.204.121.3]:25, delay=1013, delays=680/0/0.1/333, dsn=4.4.2, status=deferred (lost connection with mail.rgrayclamps.com[12.204.121.3] while sending end of data -- message may be sent more than once)
 
If you have ‘smtp fixup’ set on your firewall, you will want to disable that, it definitely could cause these types of issues.

I do not have smtp fixup set on the firewall.
Ernie Beek

Hi there :)

Could be a number of things so let's see. Looking at the config from your previous question I see no smtp fixup indeed. By the way, it is called 'inspect' in the ASA.
You do have an inspect esmtp which might be the issue.

On the other hand I see that you are only allowing SMTP traffic in from a number of IP ranges. Are you sure that all the IP addresses from where your SPAM filtering company could send you mail are covered?
jtennyson (ASKER)

I am going to check with them right now.
The company is in California so I am sure they will not be in for a couple of hours.
Always nice, different timezones :)

All right, let's just wait then for now and let me know when they are in.
They did get back to me and they said those are the correct addresses.

access-list internet extended permit tcp 64.19.188.16 255.255.255.240 any eq smtp
access-list internet extended permit tcp 206.188.13.128 255.255.255.240 any eq smtp
access-list internet extended permit tcp 4.78.136.16 255.255.255.240 any eq smtp
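
The coverage question raised above can be checked mechanically. The following is an added example, not part of the original thread: it parses the three permit lines quoted above and reports which sender addresses fall outside them. The sender list is constructed for illustration, and the parser handles only the `<network> <mask> any eq smtp` form used in this ACL.

```python
import ipaddress
import re

# The three permit lines quoted in the thread.
ACL = """\
access-list internet extended permit tcp 64.19.188.16 255.255.255.240 any eq smtp
access-list internet extended permit tcp 206.188.13.128 255.255.255.240 any eq smtp
access-list internet extended permit tcp 4.78.136.16 255.255.255.240 any eq smtp
"""

# Matches only the form used above: permit tcp <network> <mask> any eq smtp|25
LINE = re.compile(
    r"^access-list\s+(\S+)\s+extended\s+permit\s+tcp\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+any\s+eq\s+(?:smtp|25)\s*$"
)

def smtp_sources(config, acl_name):
    """Return the source networks permitted to reach TCP/25 by acl_name."""
    nets = []
    for line in config.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(1) == acl_name:
            # strict=True raises ValueError if the address has host bits set
            # under its mask, which flags a mistyped range.
            nets.append(ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=True))
    return nets

def uncovered(senders, nets):
    """Return the sender addresses that no permit entry matches."""
    return [s for s in senders
            if not any(ipaddress.ip_address(s) in n for n in nets)]

if __name__ == "__main__":
    nets = smtp_sources(ACL, "internet")
    for n in nets:
        print(f"{n}  ({n[0]} - {n[-1]})")
    # Constructed sender list; replace with the addresses the provider publishes.
    senders = ["64.19.188.17", "64.19.188.32", "206.188.13.142", "4.78.136.15"]
    print("not covered:", uncovered(senders, nets))
```

Each entry is a /28, so only 16 addresses per range are admitted. A source that passes this check can still be affected by the `inspect esmtp` behaviour discussed in the thread.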
ASKER CERTIFIED SOLUTION
Ernie Beek
This solution is only available to members.
Thanks again.  I made the changes and will let you know what happens.
I'll be here :)
Should I reboot the firewall?
shubhanshu_jaiswal

Disabling ESMTP inspection should solve the issue...
Not really. Those changes should be effective immediately.
Once again you are the best.
Thx, only I'm afraid you awarded the wrong one :-(
I'm so sorry. I would double the points for you if I could. I hope you're reading on Monday. I will need more help.
Never mind, I was convinced it wasn't your intention.
See you on Monday :)