Cisco Support Community
Community Member

secure mail

I have a Unix mailserver on the outside of my firewall. (It used to be our external DNS as well.) We want to bring it inside because the clients that we use to connect to it go directly through the firewall. What is the most secure way to do this so we don't have vulnerabilities with sendmail etc.?

2 REPLIES
Cisco Employee

Re: secure mail

Just move it inside, give it an inside IP address and create a static on your PIX mapping the old outside IP address to the new inside IP address. Clear your ARP cache on your outside router so it'll connect to the PIX now rather than still try and connect to the MAC address of the mail server. Create an ACL only allowing SMTP thru to this inside host.

The SMTP fixup in the PIX will only allow the standard 8 SMTP commands through to this server. See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/df.htm#1067379 for details. Of course this is no substitute for keeping your sendmail software up to date with all the recent patches, etc.
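The steps in the reply above, written out as a PIX 6.2 configuration sketch. This is an added example, not part of the original reply: the addresses 192.0.2.25 (old outside address) and 10.0.0.25 (new inside address) are constructed placeholders, the ACL name `acl_out` is hypothetical, the interface names are the PIX defaults, and the outside router is assumed to run IOS.

```cisco
: Added example. Lines starting with ":" are PIX comments.
: 192.0.2.25 = old outside address of the mail server (placeholder)
: 10.0.0.25  = new inside address of the mail server (placeholder)

: Map the old outside address to the server's new inside address.
static (inside,outside) 192.0.2.25 10.0.0.25 netmask 255.255.255.255 0 0

: Permit only SMTP from the outside to the translated address.
: Everything else inbound is dropped by the implicit deny at the end of the ACL.
access-list acl_out permit tcp any host 192.0.2.25 eq smtp
access-group acl_out in interface outside

: SMTP fixup (enabled by default on port 25); shown explicitly so it is not lost.
fixup protocol smtp 25

: Drop stale translations after changing the static.
clear xlate

: On the outside router (assumed IOS), not on the PIX, flush the ARP entry
: that still points at the mail server's MAC address:
:   clear arp-cache

: Verify on the PIX:
:   show static
:   show access-list acl_out
:   show fixup
```

The hit counter in `show access-list acl_out` should increase when an outside host connects to port 25 on the old address, and no other inbound port should reach the server.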

Community Member

Re: secure mail

OK, I did this and it all worked, except we don't want to have to change each client machine from the external address to the internal address. Any suggestions?
