outbound smtp

Mar 14th, 2008

I have exchange server internal address 192.168.150.253 addressed to external address 67.107.17.133. I am receiving emails but when sending, it looks like it is using .130 address (pool). How can I force it to go out .133? I have tried ip nat inside source static tcp 192.168.150.253 25 67.107.17.133 25

Jon Marshall Fri, 03/14/2008 - 16:23

Hi

Could you post your config as it's a bit difficult to say based on what you have put. What do you see when you do a "sh ip nat translations" on the router?

Jon

Jon Marshall Fri, 03/14/2008 - 16:36

Okay, don't thank me just yet as we haven't fixed it.

Excerpt from your posted output

tcp 67.107.17.133:25 192.168.150.253:25 72.74.6.241:50251 72.74.6.241:50251
tcp 67.107.17.133:25 192.168.150.253:25 72.252.51.95:50505 72.252.51.95:50505
tcp 67.107.17.133:25 192.168.150.253:25 74.127.3.109:58827 74.127.3.109:58827
tcp 67.107.17.133:25 192.168.150.253:25 78.174.3.75:1449 78.174.3.75:1449
tcp 67.107.17.133:25 192.168.150.253:25 85.16.92.147:1829 85.16.92.147:1829
tcp 67.107.17.133:25 192.168.150.253:25 85.96.78.246:3540 85.96.78.246:3540
tcp 67.107.17.133:25 192.168.150.253:25 85.96.78.246:3543 85.96.78.246:3543

As you can see your mail server IP address is getting translated to .133. I can't find any translations in your output that show 192.168.150.253 getting translated to the .130 address.

Can you post config.

Also how have you verified that the mail server is going out as .130?


Jon
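
Added example (not part of the thread and not any poster's code): a small parser for "sh ip nat translations" output that reports which public address a mail server's outbound SMTP flows are translated to, automating the by-eye check in the post above. The sample lines are constructed in the same four-address layout as the excerpt; the function names and the remote addresses are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed sample: proto, inside global, inside local, outside local, outside global.
SAMPLE = """\
tcp 67.107.17.133:25 192.168.150.253:25 72.74.6.241:50251 72.74.6.241:50251
tcp 67.107.17.133:25 192.168.150.253:25 78.174.3.75:1449 78.174.3.75:1449
tcp 67.107.17.130:4211 192.168.150.253:4211 198.51.100.7:25 198.51.100.7:25
tcp 67.107.17.130:4377 192.168.150.20:3312 203.0.113.9:80 203.0.113.9:80
"""

def split_endpoint(text):
    """Split 'a.b.c.d:port' into (ip, port); return None for '---' or a bare IP."""
    ip, sep, port = text.rpartition(":")
    if not sep or not port.isdigit():
        return None
    return ip, int(port)

def parse_translations(output):
    """Yield (proto, inside_global, inside_local, outside_global) per dynamic entry."""
    for line in output.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] not in ("tcp", "udp"):
            continue  # header line, blank line, or unrelated output
        endpoints = [split_endpoint(f) for f in fields[1:]]
        if None in endpoints:
            continue  # static entries shown with '---' carry no flow information
        yield fields[0], endpoints[0], endpoints[1], endpoints[3]

def outbound_smtp_sources(output, server_ip, smtp_port=25):
    """Count outbound SMTP flows from server_ip per public (inside global) address."""
    seen = defaultdict(int)
    for proto, in_global, in_local, out_global in parse_translations(output):
        # Outbound mail: the server is the client, the remote side listens on 25.
        if proto == "tcp" and in_local[0] == server_ip and out_global[1] == smtp_port:
            seen[in_global[0]] += 1
    return dict(seen)

def mismatched_sources(output, server_ip, expected_public_ip):
    """Return public addresses used for outbound SMTP other than the expected one."""
    used = outbound_smtp_sources(output, server_ip)
    return sorted(ip for ip in used if ip != expected_public_ip)

if __name__ == "__main__":
    print(outbound_smtp_sources(SAMPLE, "192.168.150.253"))
    print(mismatched_sources(SAMPLE, "192.168.150.253", "67.107.17.133"))
```

Entries where the server's own port is 25 are inbound deliveries and are ignored, which is why an excerpt containing only those lines shows no outbound source at all.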

igartaapple Fri, 03/14/2008 - 16:44

When I send an email and show full headers it is saying that it comes from .130. My DNS is set up for reverse and PTR record .133. When AOL receives email from .130 and then does a lookup to .133 it denies the email. .130 address is the NAT pool overload. Again thanks.

Danilo Dy Sat, 03/15/2008 - 20:54

Hi,


Your server 192.168.150.253 is translated to 67.107.17.130 for traffic other than HTTP and HTTPS.


You need to add this line...

ip nat inside source static tcp 192.168.150.253 smtp 67.107.17.133 smtp extendable


Regards,

Dandy

igartaapple Mon, 03/17/2008 - 09:44

How much different is using smtp vs. 25? I tried the CLI command ip nat inside source static tcp 192.168.150.253 25 67.107.17.133 25

aresto Fri, 03/28/2008 - 03:43

Hello friends,

When I tested my SMTP server behind Cisco router 2811 I did this:

220 oamex02.oam.ca Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at
Fri, 28 Mar 2008 06:36:17 -0400
HELO oam.ca
501 5.5.4 Invalid Address
helo oam.ca
250 oamex02.oam.ca Hello [172.15.20.87]
mail from: [email protected]
250 2.1.0 [email protected]...Sender OK
rcpt to: [email protected]
500 5.3.3 Unrecognized command
rcpt to:[email protected]
550 5.7.1 Unable to relay for [email protected]

And part of the configuration on my router regarding the SMTP:

ip nat inside source route-map SDM_RMAP_1 interface Vlan1 overload
ip nat inside source static tcp 10.1.1.5 25 interface Vlan1 25

Full configuration on the router:

interface Vlan1
description DSL2
ip address 209.x.x.X 255.255.255.248
no ip unreachables
ip nat outside
ip virtual-reassembly
no mop enabled
crypto map yyyyyyyy

interface FastEthernet0/1
description Internal LAN$FW_INSIDE$$ETH-LAN$
ip address xxxxxxx.1 255.255.255.0
no ip unreachables
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
no mop enabled

What is the right configuration that makes the incoming SMTP successfully tested?


aresto Fri, 03/28/2008 - 03:53

regarding full configuration

aaa new-model
!
!
aaa group server radius VPNClient
server-private x.x.x.2 auth-port 1yy5 acct-port 1yy6 key
30017
!
aaa authentication ppp default local
aaa authorization network default if-authenticated
!
aaa session-id common
!
resource policy
!
no ip source-route
!
!
ip cef
!
!
no ip bootp server
no ip domain lookup
ip domain name headcan.com
ip inspect name ALLOWED tcp
ip inspect name ALLOWED udp
ip ips notify SDEE
vpdn enable

!
interface FastEthernet0/1
description Internal LAN$FW_INSIDE$$ETH-LAN$
ip address 10.1.1.1 255.255.255.0
no ip unreachables
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/2/0
!
interface FastEthernet0/2/1
!
interface FastEthernet0/2/2
!
interface FastEthernet0/2/3
!
interface Virtual-Template1
ip unnumbered Vlan1
ip mroute-cache
peer default ip address pool dial-in
ppp encrypt mppe auto
ppp authentication chap pap ms-chap mschap-v2
!
interface Vlan1
description DSL2
ip address 209.z.z.130 255.255.255.248
no ip unreachables
ip nat outside
ip virtual-reassembly
no mop enabled
crypto map zzzzzzz
ip route 0.0.0.0 0.0.0.0 209.x.x.129

ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source static tcp z.z.z.5 443 interface Vlan1 443
ip nat inside source static tcp z.z.z.5 143 interface Vlan1 143
ip nat inside source static tcp z.z.z.5 80 interface Vlan1 80
ip nat inside source static tcp z.z.z.5 110 interface Vlan1 110
ip nat inside source static tcp z.z.z.5 25 interface Vlan1 25
ip nat inside source route-map zzzzzz interface Vlan1 overload
ip nat inside source static tcp z.z.z.5 3389 interface Vlan1 3389



igartaapple Fri, 03/28/2008 - 09:50

Greetings to all. Just got off the phone with Cisco. Problem is 2 fold. There is a NAT issue with pre 12.13 IOS as well as the new 12.14. Also, NAT was getting overloaded because of a possible DoS attack using NetBIOS.

aresto Sat, 03/29/2008 - 08:56

Thanks for the info but what is the solution for my problem in this case?
