I have an infrequent issue that I would like to resolve by way of address translation, if possible.
The mail server is inside the private LAN and an email spam filter system is in the DMZ. All incoming SMTP traffic is directed to the filter using a static command and then sent to the mail server. All outgoing SMTP traffic is sent out from the mail server directly to the destination mail system.
My issue is when the mail server establishes an SMTP connection with the remote system. To the receiving end, the mail server's IP address appears as our publicly NATed address, which is different than the registered public IP address in DNS for the same mail server. At times remote mail servers reject our mail because the reverse lookup does not match, i.e., my NATed address is different than the mail server public address. Some systems reject because it appears as relayed email.
I was looking at adding another translation (global and nat) rule for the internal mail server only so that all traffic looks like it is coming from the DNS registered IP address and not our current NATed address.
I am just not sure if the PIX will be happy with me using a global command with an address that will also be used in a static command. I need that static command for all incoming SMTP traffic to be forwarded to the filter in the DMZ, as mentioned earlier.
Has anyone come across this, or can anyone shed some light on a possible alternative?