We wanted to bring another of our divisions internet email in through our HQ location to be run through our ScanMail program(checks for viruses) and back across the frame relay connection to them. We also wanted to use one of our Qwest addresses(63.xxx.xxx.xxx) instead of AT&T(12.xxx.xxx.xxx). The other division has not changed their MX record.The following is the current configuration:
PIX# sh conduit
conduit permit tcp host 12.xxx.xxx.xxx eq smtp any
PIX# sh static
static (dmz,outside) 12.xxx.xxx.xxx 209.xxx.xxx.xxx netmask 255.255.255.255 0 0 (This routes to the DMZ side of our mail server)
So.....I added the following statements to the config:
static (dmz,outside) 63.xxx.xxx.xxx 209.xxx.xxx.xxx netmask 255.255.255.255 0 0 (Qwest to the DMZ side of mail server)
conduit permit tcp host 63.xxx.xxx.xxx eq smtp any
(Qwest address that is in the global range pool)
When I make that change to the config, about 8-9 hours later we stop receiving ANY external mail. Internal mail still works. The mail server log shows:
It looks like you might be running into a bug. 4.4(1) isnt the most recent code. I noticed a security advisory on the mailguard feature and a blocks (memory) issue. I also noticed 4.4(5) is the current GD code for that platform. Id suggest upgrading first.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...