Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Reverse DNS Issue with Barracuda Spam Filter

Hi, I have a Barracuda Spam Filter which accepts our incoming smtp and passes it on to our Exchange Server.

For Outgoing emails the Exchange server sends directly out.

I have static Nats set up as follows (external IP's replaced)

Exchange Server

static (INSIDE,OUTSIDE) 1.2.3.4 10.0.0.5 netmask 255.255.255.255

Barracuda

static (INSIDE,OUTSIDE) 1.2.3.5 10.0.0.6 netmask 255.255.255.255

also access-lists as follows

Exchange (https & www for Outlook Web Access)

access-list OUTSIDEIN extended permit tcp any host 1.2.3.4 eq https

access-list OUTSIDEIN extended permit tcp any host 1.2.3.4 eq www

Barracuda (incoming SMTP)

access-list OUTSIDEIN extended permit tcp any host 1.2.3.5 eq smtp

Problem is when I send emails out, it goes out as 1.2.3.4 which does not match up with the MX record that points to 1.2.3.5

Therefore we are receiving Reverse DNS failures from recipients

<exchange1.ourdomain.local #5.7.1 smtp;550 5.7.1 Client host rejected: cannot find your hostname, [1.2.3.4]>

Is it possible for our Exchange Server to send out via 1.2.3.5 ? (I cannot use the Barracuda as an outgoing relay)

Thanks,

Chris

2 REPLIES

Re: Reverse DNS Issue with Barracuda Spam Filter

Chris,

Create a reverse static route for the Barracuda. currently sounds like you are using a global NAT for all Inside IP address, try the below:-

static (outside,inside) 10.0.0.6 1.2.3.5 netmask 255.255.255.255

HTH>

Community Member

Re: Reverse DNS Issue with Barracuda Spam Filter

Thanks Andrew,

Would I need this static NAT for the Exchange Server (10.0.0.5) rather than the Barracuda as I want the Exchange server to go out as 1.2.3.5?

I do have Global Nat set up using the Interface address for all inside hosts, but neither the Barracuda or Exchange Server use that address, they currently go out using the addresses I have set up in the Static NATs

Thanks,

Chris

1295
Views
0
Helpful
2
Replies
CreatePlease to create content