We've got an ASA5510 that is blocking outbound mails for certain domains (for other domains there's no problem, and there are no issues with any inbound mails either). The mail server keeps logging this: "The DNS server encountered an invalid domain name in a packet from x.x.96.17. The packet is rejected." The mails for those domains are held in the queues of the mail server, but aren't sent.
We changed the DNS servers in the mail server but the problem continues, and we know for sure that the problem is the ASA because we installed the old firewall back and all the mail kept in the queues was immediately sent.
The address x.x.110.210 is the source IP of the outbound traffic from SRV_MAIL_ARRIOLA (which is the main mail server). I wonder if the command "global (OUTSIDE) 2 NAT_SRV_MAIL_ARRIOLA netmask 255.255.255.240" is OK, or should the netmask be 255.255.255.255?
The SMTP inbound traffic for x.x.110.210 goes to SRV_SCM, which is the antispam server, but again, there's no problem with inbound mails.
ip address x.x.110.213 255.255.255.240
name 184.108.40.206 SRV_SCM
name 220.127.116.11 SRV_MAIL_ARRIOLA
name x.x.110.210 NAT_SRV_MAIL_ARRIOLA
global (OUTSIDE) 1 interface
global (OUTSIDE) 2 NAT_SRV_MAIL_ARRIOLA netmask 255.255.255.240
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...