skeating (Member), October 22, 2015 at 7:48 am #165904
I am trying to connect both inbound and outbound email from the Barracuda Email Security System to my Exchange 2010 server. Currently my Cisco 515 PIX has these two rules, which I believe are allowing mail in and out:
XXX.XXX.XX.XX is the public IP for my Exchange server.
access-list BORDER35 permit tcp any host XXX.XXX.XX.XX eq smtp
static (inside,outside) tcp XXX.XXX.XX.XX smtp Exchange Server NAME smtp netmask 255.255.255.255 0 0
access-list SMTP-OUT-I permit tcp host Exchange Server NAME any eq smtp
I have no problem sending or receiving email.
When I attempt to change the first rule to the following:
access-list BORDER35 permit tcp 220.127.116.11 255.255.240.0 eq smtp host XXX.XXX.XX.XX eq smtp
I cannot receive email sent from an external email account. When I go into Barracuda, it shows the email there, with this message:
Recipients Action Reason Delivery Status
Email Address Allowed Spooled (XXX.XXX.XX.XX:451 No response to HELO/EHLO)
I also cannot do a telnet to the outbound server: telnet dXXXXX.o.ess.barracudanetworks.com 25.
So my questions are: 1. What rules do I need (or revisions of the ones I have) in order to send and receive from Barracuda? 2. How do I open port 25 so I can telnet to the outbound server?
I realize these may be Cisco 101 questions, and I have researched this on the web, but I am getting nowhere at present. I appreciate any help.
Anonymous, October 22, 2015 at 1:57 pm #371873
Answer for Q1, see your prior thread regarding access-lists. Answer for Q2: port 25 is opened with the access-list destined for their smtp server. As long as you specify port 25 on your telnet command, and the ACL is entered and assigned to the external interface, you should get some sort of response. But then again, the ACL examples I gave in the other thread assume all traffic is starting / ending with your internal mail server. If you try to telnet via port 25 from your workstation, it won’t match that mail rule because your source IP won’t match.
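The rule matching discussed in this thread, as an added example that is not code from either poster: a simplified first-match model of PIX-style `permit tcp` entries, run over constructed packets. All addresses are constructed documentation-range stand-ins for the masked values in the thread, and `INBOUND_DST_ONLY` is a comparison variant assumed here, not a rule from the thread.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

SMTP = 25

@dataclass
class Entry:
    """One 'permit tcp' entry: source [eq port] destination [eq port]."""
    src: str                         # "any", "host A.B.C.D" or "A.B.C.D MASK"
    dst: str
    src_port: Optional[int] = None   # None means no 'eq' on the source side
    dst_port: Optional[int] = None   # None means no 'eq' on the destination side

def _addr_ok(spec: str, ip: str) -> bool:
    if spec == "any":
        return True
    if spec.startswith("host "):
        return ipaddress.ip_address(ip) == ipaddress.ip_address(spec[5:])
    net, mask = spec.split()         # PIX ACLs take a subnet mask here
    return ipaddress.ip_address(ip) in ipaddress.ip_network(f"{net}/{mask}", strict=False)

def permitted(acl, src_ip, src_port, dst_ip, dst_port) -> bool:
    """First matching entry permits; no match falls through to the implicit deny."""
    for e in acl:
        if (_addr_ok(e.src, src_ip) and _addr_ok(e.dst, dst_ip)
                and e.src_port in (None, src_port)
                and e.dst_port in (None, dst_port)):
            return True
    return False

# Constructed stand-ins for the masked values in the thread.
MAIL_PUBLIC = "203.0.113.10"              # public IP of the Exchange server
MAIL_INSIDE = "192.0.2.25"                # Exchange server, inside address
WORKSTATION = "192.0.2.80"                # some other inside host
FILTER_NET = "198.51.96.0 255.255.240.0"  # filtering service's sending range
FILTER_HOST = "198.51.100.7"              # one sender inside FILTER_NET

INBOUND_ANY = [Entry("any", f"host {MAIL_PUBLIC}", dst_port=SMTP)]
INBOUND_SRC_PORT = [Entry(FILTER_NET, f"host {MAIL_PUBLIC}", SMTP, SMTP)]
INBOUND_DST_ONLY = [Entry(FILTER_NET, f"host {MAIL_PUBLIC}", dst_port=SMTP)]  # assumed variant
OUTBOUND = [Entry(f"host {MAIL_INSIDE}", "any", dst_port=SMTP)]

if __name__ == "__main__":
    eph = 49152  # constructed ephemeral client source port
    for name, acl in [("any", INBOUND_ANY), ("src eq smtp", INBOUND_SRC_PORT),
                      ("dst only", INBOUND_DST_ONLY)]:
        print(name, permitted(acl, FILTER_HOST, eph, MAIL_PUBLIC, SMTP))
    for host in (MAIL_INSIDE, WORKSTATION):
        print("outbound from", host, permitted(OUTBOUND, host, eph, FILTER_HOST, SMTP))
```

An SMTP client connects from an ephemeral source port, so in this model an entry with `eq smtp` after the source matches none of the inbound connections. The outbound entry matches only the mail server's own source address, which is the reply's point about running telnet from a workstation.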