Cisco Support Community
Community Member

SMTP Relaying Not Allowed between Inside and DMZ


I have Microsoft Exchange Internet Mail Server on the inside interface of a PIX Firewall and an SMTP relay resides on the DMZ of the same PIX.

When I try to send a mail from an internal account using as the SMTP and the POP3 servers to an account using as SMTP and POP3 servers, I receive a message stating that the recipient name is not recognized. And when I do the same thing from the DMZ to Inside, I receive a message indicating that relaying is not allowed.

For troubleshooting, I made a telnet on port 25 to from and it succeeded.

From, I made a Telnet on ports 25 and 110 to and they succeeded also.

The configuration of the PIX is as follows :

access-list DMZone permit tcp host any eq smtp

access-list INSIDE permit tcp host any eq smtp

access-list INSIDE permit tcp host any eq pop3

static (inside,dmz) netmask 0 1

So is the problem related to the PIX firewall, or is it related to some missed configuration of the mail servers? If so, would you help me with how to configure the Microsoft Exchange IMS and IIS SMTP to do this function?

Thank you in advance.


Re: SMTP Relaying Not Allowed between Inside and DMZ

When you ran your telnet tests, how far did you test? Did you stop after viewing the telnet banner screen? Or did you enter the mail from: and rcpt to: commands using valid info?

When you stated that the telnets succeeded, the pix config is okay and the mail config is the issue. One thing to check on the pix is if the fixup protocol smtp is enabled; if it is and you want to use esmtp, you may need to turn it off. I had to turn the fixup off to allow the mail gateways in my org. to operate. If there are many asterisks (***) in the banner, that is your visual clue that the fixup smtp is enabled.

An interesting test is to use the mail from:, rcpt to:, data, and subject: smtp commands to run an interactive smtp session and see if the messages get delivered.

Let me know if this helps.

Community Member

Re: SMTP Relaying Not Allowed between Inside and DMZ

The problem is with the mail servers.

The fact that you get this "Relaying not allowed" shows that you are communicating between the two and that the Exchange server is not configured to allow relaying via the IP address of the Relay server in the DMZ.

Check here..

Exchange > Systems Manager > Server > Protocols > SMTP > SMTP Virtual Server Right Click Properties > Access Tab > Relay Restrictions
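
The interactive test suggested in the replies above, scripted as an added example (not code from the thread): it reads the banner, issues HELO, MAIL FROM and RCPT TO, and classifies the RCPT reply without sending a message. The function names and the reply-text matching are assumptions made for this example; the server and the two addresses are supplied by the caller.

```python
import smtplib
import sys


def banner_is_masked(banner: str) -> bool:
    """True when most of the greeting text is asterisks, the visual clue
    the reply above gives for 'fixup protocol smtp' rewriting the banner."""
    text = banner.replace(" ", "")
    return len(text) >= 8 and text.count("*") / len(text) > 0.5


def classify_rcpt(code: int, message: str) -> str:
    """Map an RCPT TO reply to the likely cause discussed in this thread.
    The text matching is an assumption; servers word these replies differently."""
    msg = message.lower()
    if 200 <= code < 300:
        return "accepted"
    if "relay" in msg or "5.7.1" in msg:
        return "relay-denied"        # server will not relay for this client IP
    if code in (550, 553) or "5.1.1" in msg:
        return "unknown-recipient"   # address not recognized by this server
    if 400 <= code < 500:
        return "temporary-failure"
    return "rejected"


def probe(host: str, sender: str, recipient: str, port: int = 25) -> dict:
    """Banner -> HELO -> MAIL FROM -> RCPT TO, then RSET; no DATA is sent.
    HELO (not EHLO) is used so the dialogue also works through the SMTP fixup."""
    smtp = smtplib.SMTP(timeout=10)
    try:
        _, banner = smtp.connect(host, port)
        smtp.helo()
        mail_code, _ = smtp.mail(sender)
        rcpt_code, rcpt_msg = smtp.rcpt(recipient)
        smtp.rset()
    finally:
        smtp.close()
    rcpt_text = rcpt_msg.decode(errors="replace")
    return {"fixup_suspected": banner_is_masked(banner.decode(errors="replace")),
            "mail_from_code": mail_code,
            "rcpt_code": rcpt_code,
            "rcpt_result": classify_rcpt(rcpt_code, rcpt_text),
            "rcpt_text": rcpt_text}


if __name__ == "__main__":
    # Usage: python smtp_probe.py <server> <sender> <recipient>
    print(probe(sys.argv[1], sys.argv[2], sys.argv[3]))
```

Run it once from the inside host against the DMZ relay and once from the DMZ relay against the Exchange server; a `relay-denied` result in only one direction points at that server's relay restrictions rather than at the PIX.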
