08-21-2006 11:33 PM - edited 03-03-2019 01:43 PM
When trying to send an e-mail from the SMTP server on the DMZ to the mail server on the inside network, the mail is not delivered. Is this due to the fact that the firewall can not route the message to the mail server? If so, how can I get around this problem?
08-22-2006 02:47 AM
Hi
AFAIK, since the DMZ is considered a less secure zone than the inside network, you need to allow/permit the SMTP traffic from the DMZ to flow to the inside network.
But it's the other way around when you think of it from inside to DMZ, where you don't need to enable or open the required ports.
regs
08-22-2006 03:00 AM
Hi,
How is the MX record resolved for the inside mail server's domain?
Where is the DNS server located?
Check out this URL for DNS rewrite functionality, which may be helpful in your case.
HTH
-VJ
08-22-2006 08:26 AM
The DNS server is located on the ISP's network.
08-22-2006 07:09 PM
The MX record is resolved by using a DNS server outside of the internal network. I read the information from the link that you provided, however I don't think it explains a situation where the host computer on the dmz is trying to route e-mail to a mail server that resides on the inside interface.
Thanks for your help so far,
Joey
08-28-2006 10:06 PM
Are there any more suggestions for my problem?
Thanks,
Joey
08-29-2006 03:51 AM
Hi Joe,
As pointed out by the previous poster, is there proper access configured in your firewall to allow the SMTP connection from the server on the DMZ to the mail server on the inside network?
If you could provide the firewall config snapshot (after removing the sensitive information: public IPs, etc.), we would be able to have a look and help you to correct any problems in the configuration. Provide IP address details on the involved servers also.
You can quickly check whether an SMTP connection to the inside server is allowed from the server on the DMZ as follows.
On the server located in the DMZ, initiate a telnet connection to the inside server IP on port 25. ( telnet
HTH
-VJ
08-29-2006 12:33 PM
08-29-2006 02:58 PM
You are missing a few things from your configuration: NAT, conduit and alias.
You need to define a NAT rule, a conduit to allow the traffic between the servers, and an alias configured to do DNS doctoring, as the DMZ server tries to communicate with the inside server using the global IP address.
Can you configure the following and try?
static (inside, dmz) 172.17.17.11 172.17.17.11 netmask 255.255.255.255
conduit permit tcp host 172.17.17.11 host 172.17.16.10 eq smtp
alias (dmz) 172.17.16.10 199.199.199.70 255.255.255.255
HTH,
Sundar
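To make the alias and conduit lines above easier to reason about, here is a small Python model of the two directives (an added example, not from the original post or from Cisco). It assumes the thread's addresses, models `alias` as rewriting the ISP DNS answer seen on the dmz interface, and models `conduit` with host-only matching (no masks, ranges or port ranges), so it can show which direction a given conduit line actually permits.

```python
# Toy model of two PIX 6.x directives discussed above: `alias` (DNS doctoring)
# and `conduit` (permitting a flow toward a higher-security interface).
# Added example, not from the original post; addresses are those in the thread,
# matching is simplified to "host" entries only (no masks, ranges or port ranges).
import re

def parse_alias(line):
    """alias (if_name) dnat_ip foreign_ip [netmask]"""
    m = re.match(r"alias \((\w+)\) (\S+) (\S+)", line.strip())
    if not m:
        raise ValueError("not an alias line: " + line)
    return {"if": m.group(1), "dnat_ip": m.group(2), "foreign_ip": m.group(3)}

def doctor_dns_answer(aliases, interface, answer_ip):
    """Address a host on `interface` sees in a DNS reply after doctoring:
    foreign_ip in the reply is rewritten to dnat_ip, anything else passes."""
    for a in aliases:
        if a["if"] == interface and a["foreign_ip"] == answer_ip:
            return a["dnat_ip"]
    return answer_ip

CONDUIT_RE = re.compile(
    r"conduit (permit|deny) (\w+) host (\S+)(?: eq (\w+))? host (\S+)(?: eq (\w+))?$")

def parse_conduit(line):
    """conduit permit|deny proto host global_ip [eq port] host foreign_ip [eq port]
    global_ip is the destination (the statically translated inside host),
    foreign_ip is the source of the connection."""
    m = CONDUIT_RE.match(line.strip())
    if not m:
        raise ValueError("not a host-only conduit line: " + line)
    action, proto, dst, dport, src, sport = m.groups()
    return {"action": action, "proto": proto, "dst": dst, "dport": dport,
            "src": src, "sport": sport}

def conduit_allows(conduits, src, dst, dport, proto="tcp"):
    """First matching conduit decides; no match means the flow is denied."""
    for c in conduits:
        if (c["proto"] == proto and c["dst"] == dst and c["src"] == src
                and c["dport"] in (None, dport)):
            return c["action"] == "permit"
    return False

# Constructed walk-through using the thread's addresses (DMZ host 172.17.17.111)
ALIASES = [parse_alias("alias (dmz) 172.17.16.10 199.199.199.70 255.255.255.255")]
AS_POSTED = [parse_conduit("conduit permit tcp host 172.17.17.11 host 172.17.16.10 eq smtp")]
REVERSED = [parse_conduit("conduit permit tcp host 172.17.16.10 eq smtp host 172.17.17.111")]

if __name__ == "__main__":
    mx_ip = doctor_dns_answer(ALIASES, "dmz", "199.199.199.70")  # 172.17.16.10
    print("DMZ host connects to", mx_ip)
    print("as posted:", conduit_allows(AS_POSTED, "172.17.17.111", mx_ip, "smtp"))
    print("reversed :", conduit_allows(REVERSED, "172.17.17.111", mx_ip, "smtp"))
```

The model only checks the conduit; the `static` line is still needed so the inside host is reachable on the dmz interface at all, and the real PIX also evaluates masks and ranges that this toy ignores.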
08-29-2006 07:21 PM
Thanks Sundar,
I tried the configuration changes that you suggested. However, I think the correct address for the host on the DMZ should have been 172.17.17.111, and I think the conduit command should have the host addresses reversed. I tried it both ways and I still could not telnet to the mail server (172.17.16.10) using port 25 from the host on the DMZ. Here is a copy of the new config with the changes that you recommended.
08-30-2006 10:59 PM
Hello Sundar are you there?