Mail - ASA access question..

Unanswered Question
Jun 10th, 2007

Hi,

I'm running an ASA 5520 (ios 7.2(2)).

The mails for my organization were being collected in a POP account at the ISP end.

The mail server is allowed to the outside network (Internet), so it was easily sending mails outside.

To get mails we used to log on to a POP account and retrieve mails via POP retrieving software.

Now we decided not to use the ISP POP account and use our mail server to receive mails directly (the MX entry on our hosted DNS will be the live IP of our mail server).

My question is: what port will I have to open on my ASA security rule to allow mails from the outside network being sent to a server on my inside network?

Up till now I only had the HTTP port opened for that server so it was accessible for home users.

Will I need to open the POP3 port or SMTP?

Stuck badly..

anandramapathy Sun, 06/10/2007 - 22:04

You will need to open only SMTP, for your server to accept mails from the Internet.

access-list DMZ extended permit ip host mail server IP any

What will happen to your remote users? How will they access mail?

If you want to allow them to access from home then you may have to open either POP / other access based on your mail server.

HTH - Please rate all useful posts

a.shaukat Mon, 06/11/2007 - 00:27

Thanks ..

The remote branches connect to a core router via (VPN tunnel on shared data circuit) that in turn forwards traffic to the ASA. Permissions are ACL based.

Home users use the HTTP rule that allows them to connect to the mail server via browser only. The mails stay on the servers unless they connect through a VPN client and download the mails ..

thanks again :-)

anandramapathy Mon, 06/11/2007 - 00:40

Sorry, the right command is

access-list DMZ extended permit tcp host (Mail server IP ) any eq smtp
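
Added example, not part of any post in this thread: a sketch of the inbound side of the setup discussed above on ASA 7.2, with an over-broad rule shown (commented out) beside the SMTP-only rule. The interface names, the ACL name OUTSIDE_IN and both addresses are assumptions chosen for illustration.

```cisco
! Added example for ASA 7.2 (pre-8.3 NAT syntax). Assumptions, not from the thread:
!   interfaces "inside" and "outside", ACL name OUTSIDE_IN,
!   192.0.2.25 = public IP published in the MX record (placeholder),
!   10.0.0.25  = real IP of the mail server on the inside (placeholder).

! Publish the inside mail server on its public address.
static (inside,outside) 192.0.2.25 10.0.0.25 netmask 255.255.255.255

! Too broad: would expose every port of the server to the Internet.
! access-list OUTSIDE_IN extended permit ip any host 192.0.2.25

! Scoped: inbound mail delivery (SMTP, tcp/25) plus the existing webmail rule.
! On 7.2 the ACL on the outside interface matches the translated (public) address.
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.25 eq smtp
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.25 eq www

! POP3 (tcp/110) is not opened: it is used by clients retrieving mail,
! not by other mail servers delivering it.

! Bind the ACL to traffic arriving on the outside interface.
access-group OUTSIDE_IN in interface outside

! After the MX change, confirm the SMTP line is taking hits (exec mode):
! show access-list OUTSIDE_IN
```

Only one ACL can be bound per interface and direction, so if an ACL is already applied inbound on the outside interface, add the `eq smtp` line to that ACL instead of binding a new one.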
