https://community.cisco.com/t5/network-security/mail-asa-access-question/m-p/783783#M422088 <HTML><HEAD></HEAD><BODY><P>thanks ..</P><P></P><P>the remote branches connect to a core router via (vpn tunnel on shared data circuit) that inturns forwards traffic to the ASA. Permissions are ACL based.</P><P>home users use the http rule that allows them to connect to the mail server via browser only. the mails stays on the servers unless they connect through a vpn client and download the mails .. </P><P></P><P>thanks again <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P></P></BODY></HTML> Mon, 11 Jun 2007 07:27:51 GMT a.shaukat 2007-06-11T07:27:51Z https://community.cisco.com/t5/network-security/mail-asa-access-question/m-p/783781#M422086 <P>Hi, </P><P>im running an ASA 5520 (ios 7.2(2)). </P><P>the mails for my organization were being collected in a pop account at the isp end. </P><P></P><P>the mail server is allowed to the outside network (internet)so it was easily sending mails outside. </P><P>to get mails we used to logonto a pop account and retrieve mails via pop retrieving software. </P><P></P><P>now we decided not to use the isp pop account and use our mail server to recieve mails directly. ( the mx entery on our hosted dns will be the live ip of our mail sever). </P><P>my Question is .. what port will i have to open on my ASA security rule to allow mails from outside network being sent to a server on my inside network,.</P><P></P><P>uptill now i only had http port opened for that server so it was acessable for home users.</P><P></P><P>will i need to open pop3 port or smtp ???</P><P></P><P>stuck badly..</P><P></P> Fri, 21 Feb 2020 09:33:53 GMT https://community.cisco.com/t5/network-security/mail-asa-access-question/m-p/783781#M422086 a.shaukat 2020-02-21T09:33:53Z https://community.cisco.com/t5/network-security/mail-asa-access-question/m-p/783782#M422087 <HTML><HEAD></HEAD><BODY><P>You will need to open only SMTP, for your server to accept mails from the Internet.</P><P></P><P>access-list DMZ extended permit ip host mail server IP any</P><P></P><P>What will happen to your remote users. How will they access mail ?</P><P></P><P>If you want to allow them to access from home then you may have to open either POP / Other accesss basede on your Mail server</P><P></P><P>HTH - Please rate all useful posts</P><P></P><P></P></BODY></HTML> Mon, 11 Jun 2007 05:04:57 GMT https://community.cisco.com/t5/network-security/mail-asa-access-question/m-p/783782#M422087 anandramapathy 2007-06-11T05:04:57Z https://community.cisco.com/t5/network-security/mail-asa-access-question/m-p/783783#M422088 <HTML><HEAD></HEAD><BODY><P>thanks ..</P><P></P><P>the remote branches connect to a core router via (vpn tunnel on shared data circuit) that inturns forwards traffic to the ASA. Permissions are ACL based.</P><P>home users use the http rule that allows them to connect to the mail server via browser only. the mails stays on the servers unless they connect through a vpn client and download the mails .. </P><P></P><P>thanks again <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P></P></BODY></HTML> Mon, 11 Jun 2007 07:27:51 GMT https://community.cisco.com/t5/network-security/mail-asa-access-question/m-p/783783#M422088 a.shaukat 2007-06-11T07:27:51Z https://community.cisco.com/t5/network-security/mail-asa-access-question/m-p/783784#M422089 <HTML><HEAD></HEAD><BODY><P>Sorry the right commmand is </P><P></P><P>access-list DMZ extended permit tcp host (Mail server IP ) any eq smtp</P></BODY></HTML> Mon, 11 Jun 2007 07:40:10 GMT https://community.cisco.com/t5/network-security/mail-asa-access-question/m-p/783784#M422089 anandramapathy 2007-06-11T07:40:10Z