https://community.cisco.com/t5/network-security/linux-email-server-behind-pix/m-p/171772#M604424 <P>I got 3 Linux email servers, and only these 3 devices, behind a PIX 506E and the outside interface is connected directly to the Internet. Sending email to and receiving email from Internet is working fine. </P><P>But if the email servers send email to each other, using their public domain name, there would be a significant delay, say over 10 mins. I used the alias command in PIX and the email servers can resolve their domain names to their private ip successfully. So I think that's not owing to DNS problem.</P><P>Did someone come across similar situation?</P> Fri, 21 Feb 2020 06:48:33 GMT y.lo 2020-02-21T06:48:33Z https://community.cisco.com/t5/network-security/linux-email-server-behind-pix/m-p/171772#M604424 <P>I got 3 Linux email servers, and only these 3 devices, behind a PIX 506E and the outside interface is connected directly to the Internet. Sending email to and receiving email from Internet is working fine. </P><P>But if the email servers send email to each other, using their public domain name, there would be a significant delay, say over 10 mins. I used the alias command in PIX and the email servers can resolve their domain names to their private ip successfully. So I think that's not owing to DNS problem.</P><P>Did someone come across similar situation?</P> Fri, 21 Feb 2020 06:48:33 GMT https://community.cisco.com/t5/network-security/linux-email-server-behind-pix/m-p/171772#M604424 y.lo 2020-02-21T06:48:33Z https://community.cisco.com/t5/network-security/linux-email-server-behind-pix/m-p/171773#M604425 <HTML><HEAD></HEAD><BODY><P>If they're sending mail to each other, why is the PIX getting involved at all? If your network is that complex, you should be running a split DNS so that the internal DNS resolves to your private IP addresses instead of the public ones. Then you won't need the alias command either. I realize this doesn't solve your problem, but it's something to think about.</P></BODY></HTML> Fri, 20 Jun 2003 14:04:12 GMT https://community.cisco.com/t5/network-security/linux-email-server-behind-pix/m-p/171773#M604425 fpineau 2003-06-20T14:04:12Z https://community.cisco.com/t5/network-security/linux-email-server-behind-pix/m-p/171774#M604426 <HTML><HEAD></HEAD><BODY><P>Maybe some clarification is needed. Say 3 email server A,B and C. I am meaning that a user account on email server A is sending email to a user account on email server B. So when server A wants to deliver the email, it tries to resolve the domain name of server B.</P><P>But I got into another problem now. Server A and B are working fine now, including sending email to each other. When A and B send to C, C cannot receive. But A and B can receive email sending from C. If I put C out of the PIX, everything is perfect.</P><P>I'm suspecting it is owing to DNS problem, coz if I do a nslookup, domain name of A is not resolved to an ip that I suppose it to resolve. Domain name of B even doesn't return an ip. Only that of C is resolved correctly. However, A and B can send and receive email from Internet!!</P><P>I tried to fix this by making a host file on each email server with their internal private ip. However, I can find by sniffer that they still send out a DNS request when they want to resolve the domain name of the email address. Local hosts file has already been set to the highest priority. Does anyone have any idea?</P></BODY></HTML> Mon, 23 Jun 2003 03:23:51 GMT https://community.cisco.com/t5/network-security/linux-email-server-behind-pix/m-p/171774#M604426 y.lo 2003-06-23T03:23:51Z https://community.cisco.com/t5/network-security/linux-email-server-behind-pix/m-p/171775#M604427 <HTML><HEAD></HEAD><BODY><P>Can't you just add the addresses to the host files on the servers? That should provide instant resolution.</P><P></P></BODY></HTML> Tue, 24 Jun 2003 16:48:49 GMT https://community.cisco.com/t5/network-security/linux-email-server-behind-pix/m-p/171775#M604427 flitcraft33 2003-06-24T16:48:49Z