I have my PIX 515-E up and running fine. My Exchange server is sending and receiving e-mail through the firewall with no problems.
I now want to set up an Event Sink on the server to append a disclaimer to all outgoing e-mails. According to Microsoft Knowledge Base article Q288756 I need to set up a second SMTP virtual server to send e-mails on port 26! Obviously the firewall is allowing SMTP traffic through on port 25.
My question is: how do I tell the firewall to allow SMTP traffic on port 26 instead of 25?
If you have an access-list restricting traffic outbound from the interface that the Exchange server is on:
access-list permit tcp host any eq 26
This will allow TCP port 26 to talk to any host, which is required if Exchange is resolving MX hosts to send directly to remote mail servers. If you are using an ISP's mail server as the next mail hop, or a third-party mail virus scanning service, then add:
access-list permit tcp host host eq 26
To remove the outbound mail permission on port 25:
From how I am interpreting the article, you shouldn't need to make any changes to the firewall. The first Exchange server will effectively forward any mail that needs to be sent externally to your new virtual server on port 26, which will fire the Transport Event on the message and then forward it out on to the internet on the normal SMTP port 25 through the firewall. The original server will still be receiving email just as it has on port 25.