PIX Not Allowing SMTP from Outside Interface

auroratech · ‎02-03-2008

Hello, all. Here's the scenario: PIX 501 provides firewall/VPN services to office with the web/mail server on the inside. Mail and web work fine on the local LAN, and web and POP/IMAP work fine on the outside, but SMTP does not. It appears that all outbound mail traffic coming through the outside interface is blocked, so outside of the office folks can receive mail just fine, but can't send.

My current config is attached.

Many thanks, in advance, for any suggestions you may have.

fahad.sheikh · ‎02-03-2008

On the outside interface of your firewall apply a access-list to permit traffic the public ip of the mail server on the SMTP port. This should resolve your problem.

auroratech · ‎02-03-2008

I believe I've already got that. From my posted config:

access-list outside-in permit tcp any host eq smtp

fahad.sheikh · ‎02-03-2008

What do you mean by ? Is it the public IP of your mail server?

auroratech · ‎02-03-2008

Yes, it is the public IP address of the mail server, which is also the IP address of the outside interface of the PIX.

fahad.sheikh · ‎02-03-2008

Do you see any hit counts on the access-list for SMTP?

auroratech · ‎02-03-2008

Not sure how I'd check that. Suggestions?