SMTP port filtering

I have a Pix 515 firewall.

Currently they have two separate mail servers on the "DMZ" side of the firewall.

Internal IP: x.x.x.x

Outside IP: y.y.y.y

Here is the setup:

names x.x.x.10 mail1

x.x.x.26 mail2

Alias (inside) y.y.y.10 mail1

Alias (inside) y.y.y.26 mail2

Static (dmz,outside) y.y.y.10 mail1 netmask 0 0

Static (dmz,outside) y.y.y.26 mail2 netmask 0 0

conduit permit tcp y.y.y.10 eq smtp any

conduit permit tcp y.y.y.26 eq smtp any

My question/problem is I am going to incorporate a "smtp" virus filtering server to check port 25 incoming. I would like to place this on the dmz and filter mail traffic. The mail is then forwarded to the mail1 and mail2 server based on domain name. The smtp filter IP would be x.x.x.12

What statements do I need to change for this to work?


Re: SMTP port filtering

Does the SMTP virus box need an IP address, or does it act like a bridge?

If it needs an IP address, you will need to adjust your MX records to point to it, so that it is responsible for the domain. You then would probably not need to make your SMTP servers accessible to the outside world. You will need a static statement for the virus box.
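
Added example, not part of the original thread: a small Python audit that reads PIX `static` and `conduit` lines and lists which DMZ hosts still accept SMTP from any outside source, so the change described in the reply can be checked after it is made. The outside address y.y.y.12 and the name smtpfilter are assumptions, and both sample configurations are constructed in the thread's own notation.

```python
import re

# Constructed samples in the thread's notation. y.y.y.12 and "smtpfilter"
# are assumptions, not values taken from the original posts.
BEFORE = """\
static (dmz,outside) y.y.y.10 mail1 netmask 0 0
static (dmz,outside) y.y.y.26 mail2 netmask 0 0
conduit permit tcp y.y.y.10 eq smtp any
conduit permit tcp y.y.y.26 eq smtp any
"""
AFTER = """\
static (dmz,outside) y.y.y.10 mail1 netmask 0 0
static (dmz,outside) y.y.y.26 mail2 netmask 0 0
static (dmz,outside) y.y.y.12 smtpfilter netmask 0 0
conduit permit tcp y.y.y.12 eq smtp any
"""

STATIC_RE = re.compile(r"^static\s+\((\w+),(\w+)\)\s+(\S+)\s+(\S+)", re.I)
# Handles "conduit permit tcp [host] <global> eq <port> <source>" only;
# the address-plus-mask form of the global address is not parsed here.
CONDUIT_RE = re.compile(
    r"^conduit\s+permit\s+tcp\s+(?:host\s+)?(\S+)\s+eq\s+(\S+)\s+(\S+)", re.I)

def smtp_exposed(config):
    """Return {internal_host: global_address} reachable on SMTP from any source."""
    statics = {}    # global address -> internal host
    open_smtp = []  # global addresses with an SMTP conduit from "any"
    for line in config.splitlines():
        line = line.strip()
        m = STATIC_RE.match(line)
        if m:
            statics[m.group(3)] = m.group(4)
            continue
        m = CONDUIT_RE.match(line)
        if m and m.group(2).lower() in ("smtp", "25") and m.group(3).lower() == "any":
            open_smtp.append(m.group(1))
    # A conduit only exposes a host when a static translation exists for it.
    return {statics[g]: g for g in open_smtp if g in statics}

def audit(config, allowed=("smtpfilter",)):
    """List internal hosts that accept SMTP from outside but are not the filter."""
    return sorted(h for h in smtp_exposed(config) if h not in allowed)

if __name__ == "__main__":
    print("before:", audit(BEFORE))
    print("after: ", audit(AFTER))
```

An empty list from `audit` means only the filtering host is published on port 25; any other name in the list is a mail server that can still be reached directly, bypassing the virus filter.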
