Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
315
Views
0
Helpful
3
Replies

Linux email server behind PIX

y.lo
Level 1
Level 1

‎06-17-2003 07:23 PM - edited ‎02-20-2020 10:48 PM

I got 3 Linux email servers, and only these 3 devices, behind a PIX 506E and the outside interface is connected directly to the Internet. Sending email to and receiving email from Internet is working fine.

But if the email servers send email to each other, using their public domain name, there would be a significant delay, say over 10 mins. I used the alias command in PIX and the email servers can resolve their domain names to their private ip successfully. So I think that's not owing to DNS problem.

Did someone come across similar situation?

0 Helpful
3 Replies 3

fpineau
Level 1
Level 1

‎06-20-2003 07:04 AM

If they're sending mail to each other, why is the PIX getting involved at all? If your network is that complex, you should be running a split DNS so that the internal DNS resolves to your private IP addresses instead of the public ones. Then you won't need the alias command either. I realize this doesn't solve your problem, but it's something to think about.

0 Helpful

y.lo
Level 1
Level 1
In response to fpineau

‎06-22-2003 08:23 PM

Maybe some clarification is needed. Say 3 email server A,B and C. I am meaning that a user account on email server A is sending email to a user account on email server B. So when server A wants to deliver the email, it tries to resolve the domain name of server B.

But I got into another problem now. Server A and B are working fine now, including sending email to each other. When A and B send to C, C cannot receive. But A and B can receive email sending from C. If I put C out of the PIX, everything is perfect.

I'm suspecting it is owing to DNS problem, coz if I do a nslookup, domain name of A is not resolved to an ip that I suppose it to resolve. Domain name of B even doesn't return an ip. Only that of C is resolved correctly. However, A and B can send and receive email from Internet!!

I tried to fix this by making a host file on each email server with their internal private ip. However, I can find by sniffer that they still send out a DNS request when they want to resolve the domain name of the email address. Local hosts file has already been set to the highest priority. Does anyone have any idea?

0 Helpful

flitcraft33
Level 1
Level 1

‎06-24-2003 09:48 AM

Can't you just add the addresses to the host files on the servers? That should provide instant resolution.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card