Solved: Re: Port Forwarding Translating 587 to Smtp 25 ?

Mesut Canbolat · ‎01-18-2011

Hello Dear Experts

1- Due to Isp -spam prevent policy our outlook clients can only send their emails
via tcp port 587 as smtp port
2- Our mailserver does not support (Mailsite) listening on port 587 only listens at regular smtp port 25.

we are using a little port forward program to forward all 587 requests to our mail server's 25 port ..

*** Some times this little port forward program crashes due to high email-traffic

Here we have :
------------------------------------------------------------------------------------------------------------
Asa 5505 version : 7.2(4)
Asdm Version : 5.2(4)

access-list outside_access_in extended permit tcp any host 92.92.92.18 eq smtp
access-list outside_access_in extended permit tcp any host 92.92.92.18 eq pop3
access-list outside_access_in extended permit tcp any host 92.92.92.18 eq 587

static (inside,outside) 92.92.92.18 192.168.25.75 netmask 255.255.255.255
access-group outside_access_in in interface outside

------------------------------------------------------------------------------------------------------------
How can we translate all 587 requests from outside outlook clients
to our 192.168.25.75 mail server as smtp-25 requests ..

Many Thanks in advance for your suuport and kind eforts

Panos Kampanakis · ‎01-18-2011

Probably that is your best bet.

Please mark this as answered if it is, for other users'' future benefit.

Rgs,

PK

View solution in original post

Jennifer Halim · ‎01-18-2011

Change the following static 1:1 translation from:

static (inside,outside) 92.92.92.18 192.168.25.75 netmask 255.255.255.255

To:

static (inside,outside) tcp 92.92.92.18 587 192.168.25.75 25 netmask 255.255.255.255

If IP address of 92.92.92.18 is also listening on different ports, then you can configure port forward for the other ports as well.

"clear xlate" after the above changes.

Mesut Canbolat · ‎01-18-2011

Hello Dear Halim

First of all many thanks for your very *prompt answer + support ...

Please let me make sure before I go ahead and apply :

----------------------------------Current Running Config ----------------------------------------

access-list outside_access_in extended permit tcp any host 92.92.92.18 eq smtp
access-list outside_access_in extended permit tcp any host 92.92.92.18 eq pop3
access-list outside_access_in extended permit tcp any host 92.92.92.18 eq 587

access-list outside_access_in extended permit tcp any host 92.92.92.18 eq www

static (inside,outside) 92.92.92.18 192.168.25.75 netmask 255.255.255.255
access-group outside_access_in in interface outside

------------------------------------------------------------------------------------------------------

Since this mail server services as also smtp 25 for email-relays-recieves for outside mail servers +

web server + pop3 and 587 server outlook clients :

(If IP address of 92.92.92.18 is also listening on different ports,

then you can configure port forward for the other ports as well)

Is this config right to apply :

-----------------------------------Required Config to Go For Applying -------------------------

access-list outside_access_in extended permit tcp any host 92.92.92.18 eq smtp
access-list outside_access_in extended permit tcp any host 92.92.92.18 eq pop3
access-list outside_access_in extended permit tcp any host 92.92.92.18 eq 587

access-list outside_access_in extended permit tcp any host 92.92.92.18 eq www

no static (inside,outside) 92.92.92.18 192.168.25.75 netmask 255.255.255.255

static (inside,outside) tcp 92.92.92.18 587 192.168.25.75 25 netmask 255.255.255.255

static (inside,outside) tcp 92.92.92.18 25 192.168.25.75 25 netmask 255.255.255.255

static (inside,outside) tcp 92.92.92.18 80 192.168.25.75 80 netmask 255.255.255.255

static (inside,outside) tcp 92.92.92.18 110 192.168.25.75 110 netmask 255.255.255.255

access-group outside_access_in in interface outside

clear xlate

---------------------------------------------------------------------------------------------------------------

I will be very happy if you make me sure before I go for applying ...

Thanks ,

Panos Kampanakis · ‎01-18-2011

Everything is correct except for

static (inside,outside) tcp 92.92.92.18 587 192.168.25.75 25 netmask 255.255.255.255

static (inside,outside) tcp 92.92.92.18 25 192.168.25.75 25 netmask 255.255.255.255

You can't use both. You can't translate port 25 to both 587 and 25 on the outside. You might be able to do it with version 8.3 ONLY if your outside hosts that will be connect on port 25 or 587 are known.

I hope it helps.

PK

Mesut Canbolat · ‎01-18-2011

So, in my case as a conclusion :

I will wait for Mailsite Mail Server software-new version supports to listen also port 587 as smtp reciever

Thanks a lot for your support .

All Best

Panos Kampanakis · ‎01-18-2011

Probably that is your best bet.

Please mark this as answered if it is, for other users'' future benefit.

Rgs,

PK