I have set up a mail server behind a PIX firewall; internally the mail server works fine. The only problem is from outside. The following is the ACL configured on the PIX:
access-list 200 extended permit tcp any eq pop3 host xx.xx.xx.xx eq pop3
access-list 200 extended permit tcp any eq smtp host xx.xx.xx.xx eq smtp
where xx.xx.xx.xx is the private IP address of the mail server.
Is this rule enough for running a mail server behind the firewall, and does this rule seem correct?
NAT translation has also been configured correctly.
Source port should not be pop3. This should be your inbound access-list on the outside interface.
access-list 200 extended permit tcp any host xx.xx.xx.xx eq pop3
access-list 200 extended permit tcp any host xx.xx.xx.xx eq smtp
xx.xx.xx.xx should be the public IP of the server if it should be accessed through the Internet. Then use the "static" command to translate the server's private IP to public IP.
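
Why the source-port match blocks outside clients, as an added example that is not part of the original posts: a simplified first-match ACL evaluator (not PIX's own logic) run against one inbound POP3 connection. The addresses 203.0.113.25 and 198.51.100.7 and the source port 51515 are constructed; only the `any`, `host`, address/mask and `eq` forms are handled.

```python
import ipaddress

PORTS = {"smtp": 25, "pop3": 110}  # service names used on the page
SERVER = "203.0.113.25"            # constructed stand-in for xx.xx.xx.xx

def _addr(tok):
    """Consume 'any' | 'host A' | 'A MASK' and return an ip_network."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}")

def _port(tok):
    """Consume an optional 'eq PORT'; None means any port."""
    if tok and tok[0] == "eq":
        tok.pop(0)
        name = tok.pop(0)
        return PORTS[name] if name in PORTS else int(name)
    return None

def parse(line):
    # access-list <id> extended permit|deny tcp <src> [eq p] <dst> [eq p]
    tok = line.split()
    if tok[0] != "access-list" or tok[2] != "extended" or tok[4] != "tcp":
        raise ValueError("unsupported entry: " + line)
    rest = tok[5:]
    src, sport = _addr(rest), _port(rest)
    dst, dport = _addr(rest), _port(rest)
    return tok[3], src, sport, dst, dport

def evaluate(acl, src_ip, sport, dst_ip, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, src, sp, dst, dp in map(parse, acl):
        if (ipaddress.ip_address(src_ip) in src and sp in (None, sport)
                and ipaddress.ip_address(dst_ip) in dst and dp in (None, dport)):
            return action
    return "deny"

ORIGINAL = [f"access-list 200 extended permit tcp any eq {s} host {SERVER} eq {s}"
            for s in ("pop3", "smtp")]
CORRECTED = [f"access-list 200 extended permit tcp any host {SERVER} eq {s}"
             for s in ("pop3", "smtp")]

def demo():
    # A mail client connects from an ephemeral source port, not from port 110.
    conn = ("198.51.100.7", 51515, SERVER, 110)
    return evaluate(ORIGINAL, *conn), evaluate(CORRECTED, *conn)

if __name__ == "__main__":
    print(demo())
```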