Blocker drops connection to mail server when port forwarding is changed on firewall

nathanv · ‎10-02-2009

I have been trying to get my blocker set-up in my domain and have been stumbling along. I finally got to the point where the blocker would communicate with the exchange server (by test). I then changed the port forwarding on my firewall so that it forwarded all email to the blocker to be checked. This works but now the blocker will not forward to the exchange server. Am I missing something elso??

When I changed the port forwarding on my firewall back to the original IP address, then email went back to my exchange server and the blocker could communicate with the exchange server again via the test feature in the blocker.

Please help!!

dzavasni · ‎10-02-2009

Hi Nathan,

I'm a little confused. If the port forwarding that you are doing your initial setup with is working, why are we then changing the forwarding? When you change the forwarding rule in your firewall, are you changing the corresponding configuration on the Blocker to match what you're changing in the firewall? It would seem as though this change is the source of your problem. In order to assist a little better guess I will need to know more about your network layout including the IP of the exchange server and the blocker, and probably the firewall as well.

The connection to the exchange server is managed from Network > SMTP Routes. In your current SMTP route, are you using a hostname or IP address?

nathanv · ‎10-02-2009

Since you are a Cisco employee can I contact you directly as I prefer not to post specific configuration details online.

dzavasni · ‎10-02-2009

Hi Nathan,

I have created ticket# 612616709 for you in anticipation of your call.

...Actually a colleague has informed me that you've called in, I'll have him transfer you to me.

Edit:

This issue was resolved via phone support, but for those who may come across this question looking for an answer to a similar problem, there was nothing wrong with the port forward. The culprit was the SMTP Route, the domain listed in the SMTP Route was not "world resolvable" by DNS, causing the blocker to loop the email until it reached maximum hop-count, resulting in the email bouncing back to the sender as undeliverable. Swapping the SMTP Route domain name to a valid DNS entry allowed the blocker to deliver properly to the attached Exchange server.