Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

SMTP port filtering

I have a Pix 515 firewall.

Currently they have two seperate mail servers on the "DMZ" side of the firewall.

Internal IP: x.x.x.x

Outside IP: y.y.y.y

here is the setup

names x.x.x.10 mail1

x.x.x.26 mail2

Alias (inside) y.y.y.10 mail1 255.255.255.255

Alias (inside) y.y.y.26 mail2 255.255.255.255

Static (dmz,outside) y.y.y.10 mail1 netmask 255.255.255.255 0 0

Static (dmz,outside) y.y.y.26 mail2 netmask 255.255.255.255 0 0

conduit permit tcp y.y.y.10 eq smtp any

conduit permit tcp y.y.y.26 eq smtp any

My question/problem is I am going to incorporate a "smtp" virus filtering server to check port 25 incoming. I would like to place this on the dmz and filter mail traffic. The mail is then forwarded to the mail1 and mail2 server based on domain name. The smtp filter IP would be x.x.x.12

What statements do I need to change for this to work?

1 REPLY
Silver

Re: SMTP port filtering

does the smtp virus box need an ip address, or does it act like a bridge?

if it needs an ip address, you will need to adjust your mx records to point to it, so that it is responsible for the domain. you then would probably not need to make your smtp servers accessible to the outside world. You will need a static statement for the virus box.

185
Views
0
Helpful
1
Replies
CreatePlease to create content