https://community.cisco.com/t5/network-security/cant-send-email-pix-506-version-6-3-5/m-p/594101#M498413 <HTML><HEAD></HEAD><BODY><P>This access list permit traffic from outside to inside what is ACL apllied to inside interface???? Why did you turned-off fixup of smtp (no fixup protocol smtp 25 ) try to enable fixup again with command fixup protocol smtp 25 </P><P>M.</P><P>Hope that helps rate if it does</P></BODY></HTML> Mon, 14 Aug 2006 07:19:25 GMT m.sir 2006-08-14T07:19:25Z https://community.cisco.com/t5/network-security/cant-send-email-pix-506-version-6-3-5/m-p/594100#M498412 <P>hi,</P><P></P><P>Currently we are using pix version 6.3(5) 506 model for our email server.</P><P></P><P>Policy rule pretty simple, </P><P></P><P>object-group service Email-ports tcp </P><P> port-object eq 995 </P><P> port-object eq 456 </P><P> port-object eq smtp </P><P> port-object eq 8188</P><P> port-object eq pop3</P><P>access-list outside_access_in permit tcp any interface outside object-group Email-ports</P><P>no fixup protocol smtp 25</P><P></P><P>The issue currently we are facing is, we are able recieve emials but we cannot send emials.</P><P>any advice?</P><P></P><P>best regards,</P><P></P><P>Zaki</P> Fri, 21 Feb 2020 09:06:41 GMT https://community.cisco.com/t5/network-security/cant-send-email-pix-506-version-6-3-5/m-p/594100#M498412 mdazadzaki 2020-02-21T09:06:41Z https://community.cisco.com/t5/network-security/cant-send-email-pix-506-version-6-3-5/m-p/594101#M498413 <HTML><HEAD></HEAD><BODY><P>This access list permit traffic from outside to inside what is ACL apllied to inside interface???? Why did you turned-off fixup of smtp (no fixup protocol smtp 25 ) try to enable fixup again with command fixup protocol smtp 25 </P><P>M.</P><P>Hope that helps rate if it does</P></BODY></HTML> Mon, 14 Aug 2006 07:19:25 GMT https://community.cisco.com/t5/network-security/cant-send-email-pix-506-version-6-3-5/m-p/594101#M498413 m.sir 2006-08-14T07:19:25Z https://community.cisco.com/t5/network-security/cant-send-email-pix-506-version-6-3-5/m-p/594102#M498415 <HTML><HEAD></HEAD><BODY><P>yes this access list permits traffic form the outside to the inside based on the ports that have been configured as below.</P><P></P><P>global (outside) 1 interface</P><P>nat (inside) 1 192.168.1.0 255.255.255.0 0 0</P><P>static (inside,outside) tcp interface smtp LotusDomino smtp netmask 255.255.255.255 0 0 </P><P>static (inside,outside) tcp interface 8188 LotusDomino https netmask 255.255.255.255 0 0 </P><P>static (inside,outside) tcp interface 465 LotusDomino 465 netmask 255.255.255.255 0 0 </P><P>static (inside,outside) tcp interface 995 LotusDomino 995 netmask 255.255.255.255 0 0 </P><P>access-group outside_access_in in interface outside</P><P></P><P>the business requirement is to allow access from the outside network (any) to access the the inside emial server (lotusdomino) bases on the ports confgured above. As for the inside interface, allow any to any policy.</P><P></P><P>so far there is no problem accessing the services from outside network.</P><P></P><P>i read some comments from this forums to disable the no fixup protocol smtp if there is email server sending/recieveing problems. please correct me if i got it all wrong. Many thanks.</P><P></P><P>kind regards,</P><P></P><P>Zaki</P></BODY></HTML> Mon, 14 Aug 2006 07:47:13 GMT https://community.cisco.com/t5/network-security/cant-send-email-pix-506-version-6-3-5/m-p/594102#M498415 mdazadzaki 2006-08-14T07:47:13Z https://community.cisco.com/t5/network-security/cant-send-email-pix-506-version-6-3-5/m-p/594103#M498417 <HTML><HEAD></HEAD><BODY><P>Check your DNS to make sure from the server your can resolve name. NSLOOKUP</P></BODY></HTML> Mon, 14 Aug 2006 10:56:32 GMT https://community.cisco.com/t5/network-security/cant-send-email-pix-506-version-6-3-5/m-p/594103#M498417 starlingsolon 2006-08-14T10:56:32Z https://community.cisco.com/t5/network-security/cant-send-email-pix-506-version-6-3-5/m-p/594104#M498419 <HTML><HEAD></HEAD><BODY><P>my collegue commented based on the config.. he mention that port smtp is not available simply because it has being used for the outbound traffic. that makes it unable to send emials. however please verify the following config and comment.</P><P></P><P>interface ethernet0 auto</P><P>interface ethernet1 auto</P><P>nameif ethernet0 outside security0</P><P>nameif ethernet1 inside security100</P><P>name 192.168.1.28 LotusSametime</P><P>name 192.168.1.27 LotusDomino</P><P>object-group service BIBDEmail-ports tcp </P><P> port-object eq 995 </P><P> port-object eq 456 </P><P> port-object eq smtp </P><P> port-object eq 8188 </P><P>access-list outside_access_in permit tcp any interface outside object-group BIBDEmail-ports </P><P>global (outside) 1 interface</P><P>nat (inside) 1 192.168.1.0 255.255.255.0 0 0</P><P>static (inside,outside) tcp interface smtp LotusDomino smtp netmask 255.255.255.255 0 0 </P><P>static (inside,outside) tcp interface 8188 LotusDomino https netmask 255.255.255.255 0 0 </P><P>static (inside,outside) tcp interface 465 LotusDomino 465 netmask 255.255.255.255 0 0 </P><P>static (inside,outside) tcp interface 995 LotusDomino 995 netmask 255.255.255.255 0 0 </P><P>access-group outside_access_in in interface outside</P><P></P><P>your help is appreciated</P></BODY></HTML> Tue, 15 Aug 2006 01:06:18 GMT https://community.cisco.com/t5/network-security/cant-send-email-pix-506-version-6-3-5/m-p/594104#M498419 mdazadzaki 2006-08-15T01:06:18Z https://community.cisco.com/t5/network-security/cant-send-email-pix-506-version-6-3-5/m-p/594105#M498420 <HTML><HEAD></HEAD><BODY><P>HI ..</P><P>Can you please check whether you have an access-list applied to the INSIDE interface .. If you do make sure you are allowing outbound access as well.</P><P></P><P>I hop eit helps .. please rate it if it does !!!</P><P></P><P></P></BODY></HTML> Tue, 15 Aug 2006 01:22:47 GMT https://community.cisco.com/t5/network-security/cant-send-email-pix-506-version-6-3-5/m-p/594105#M498420 Fernando_Meza 2006-08-15T01:22:47Z https://community.cisco.com/t5/network-security/cant-send-email-pix-506-version-6-3-5/m-p/594106#M498421 <HTML><HEAD></HEAD><BODY><P>Hi Zaki,</P><P></P><P>Please be informed that, disabling the protocol inspection on PIX for SMTP/ESMTP is NOT advisable.</P><P></P><P>May I request you to allow the protocol inspection by command fixup protocol smtp 25.</P><P></P><P>Regards,</P><P>Wilson Samuel</P></BODY></HTML> Tue, 15 Aug 2006 14:42:18 GMT https://community.cisco.com/t5/network-security/cant-send-email-pix-506-version-6-3-5/m-p/594106#M498421 Wilson Samuel 2006-08-15T14:42:18Z