PIX and SMTP

jerry.holmes
Level 1

We wanted to bring another of our divisions' Internet email in through our HQ location to be run through our ScanMail program (checks for viruses) and back across the frame relay connection to them. We also wanted to use one of our Qwest addresses (63.xxx.xxx.xxx) instead of AT&T (12.xxx.xxx.xxx). The other division has not changed their MX record. The following is the current configuration:

PIX# sh conduit

conduit permit tcp host 12.xxx.xxx.xxx eq smtp any

PIX# sh static

static (dmz,outside) 12.xxx.xxx.xxx 209.xxx.xxx.xxx netmask 255.255.255.255 0 0 (This routes to the DMZ side of our mail server)

So... I added the following statements to the config:

static (dmz,outside) 63.xxx.xxx.xxx 209.xxx.xxx.xxx netmask 255.255.255.255 0 0 (Qwest to the DMZ side of mail server)

conduit permit tcp host 63.xxx.xxx.xxx eq smtp any

(Qwest address that is in the global range pool)

When I make that change to the config, about 8-9 hours later we stop receiving ANY external mail. Internal mail still works. The mail server log shows:

SMTP Server: XXX.XXX.XXX.XXX connected

SMTP Server: XXX.XXX.XXX.XXX disconnected. 0 messages received.

If I remove those changes that I made and reload, it works fine. We are running 4.4(1) on the PIX. The log shows:

SMTP Server: XXX.XXX.XXX.XXX connected

SMTP Server: XXX.XXX.XXX.XXX disconnected. 1 (or more, as the case may be) messages received.

Thanks for any input!

Jerry Holmes

1 Reply

wdrootz
Level 4

It looks like you might be running into a bug. 4.4(1) isn’t the most recent code. I noticed a security advisory on the mailguard feature and a blocks (memory) issue. I also noticed 4.4(5) is the current GD code for that platform. I’d suggest upgrading first.
