Hello all,
I've got a very unusual problem at hand here.
Here is the scenario, any help is much appreciated!
We have a Cisco PIX 515E running 7.0, and an internal SMTP mail server.
In the configuration, I have a static map from an external IP to the internal IP of the mail server.
static (inside,outside) ex.te.rn.al 192.168.1.32 netmask 255.255.255.255
Then, I have an access-list defined to allow all SMTP traffic inbound to that particular external IP.
access-list from_outside_coming_in extended permit tcp any host ex.te.rn.al eq smtp
Now, this is the weird part. We have an internal Exchange server, and we decided that we want to have a Postfix server sit in front of it to act as the mail gateway.
So I built the Postfix server and to test, I telnet'd to the box internally, and it works just fine.
If I try to telnet externally, I would get the following prompt:
220 ********************************* (I didn't place those asterisks in...it just came up that way). And to make it worse, it thinks all the commands are not implemented (i.e. error message 500 unrecognized command).
Now, before you point the finger at Postfix and say it has nothing to do with the PIX....
As a test, I completely cut the Postfix box out of the equation and simply placed the Exchange server out in the wild.
I got the exact same error messages!!!
This is what leads me to believe that the PIX is "inspecting" the traffic, or doing something to prohibit the use of it.
Does anyone have any thoughts or suggestions?
Many thanks!!
Sam