3 Replies. Latest reply: Apr 23, 2013 11:28 PM by mrkylewood

    SMTP port forwarding for exchange server WOES.


      Running a McAfee Sidewinder version 70103


      I have created two rules, an inbound and outbound smtp rule.



      79  out  Yes  Allow  smtp stuff  internal  1.163.1.10  external  <Any>       <Default Group>  25/tcp
      80  in   Yes  Allow  smtp stuff  external  <Any>       internal  1.163.1.10  <Default Group>  25/tcp




      If I go to canyouseeme.org, inside my network, it says that port 25 is open.  If I try to telnet into my mail server (using port 25) from another public IP, I do not get a response.  Likewise, if I am inside my network and I try to telnet into a publicly accessible mail server (smtp.comcast.net) I get no response.  When I look at the monitor section, after I have tried to telnet into the mail server I get this:










      Basically the deny all rule is blocking my smtp traffic, which SHOULD be let through to my mail server.  I have spent over a week on this every night and am at my wits' end.  Any advice would be invaluable at this point.


      I have made sure that the 2 smtp rules are above the deny all rule.  HELP!


      Message was edited by: mrkylewood on 4/22/13 11:45:04 PM CDT
        • 1. Re: SMTP port forwarding for exchange server WOES.

          Have played around with the config some more and now am getting this message instead.



          • 2. Re: SMTP port forwarding for exchange server WOES.



            A couple of things to check before you try anything else:-


            This Firewall has two SMTP modes: transparent SMTP proxy services (where the traffic passes through the Firewall) and a split sendmail mode (where two sendmail servers run on the Firewall). The two modes can't co-exist, so if you are running in sendmail mode, but are trying to use SMTP proxies, the problem may be that because the sendmail service takes control of port 25, the rules allowing traffic to pass through aren't likely to work.


            If you go to Maintenance -> Reconfigure Mail in the Admin GUI you will be able to see which mode the Firewall is currently using. If it doesn't say that the current SMTP Mode is "Transparent" then you'll need to change it before you do anything else.


            The second one concerns the construction of the rules, specifically the inbound rule. Do you have routable addresses on each side of your Firewall? If not, your inbound rule is unlikely to work. It will need to be source burb=external, source=<Any>, dest burb=external, dest=<address object for external IP address> and then use the redirect host element to pass the traffic through to the address object representing the actual address of the Exchange server.
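
The inbound rule construction described in reply 2, as an added example that is not part of the original thread and is not McAfee code: a simplified first-match model showing why a rule with dest burb=internal never sees Internet mail addressed to the firewall's external address, while the external-to-external rule with a redirect does. The subnet, the placeholder addresses 203.0.113.10 and 198.51.100.7, the rule names and the function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed topology (assumptions, not values from the thread except EXCHANGE_IP).
INTERNAL_NET = ipaddress.ip_network("1.163.1.0/24")  # assumed internal burb subnet
FW_EXTERNAL_IP = "203.0.113.10"   # placeholder for the firewall's external address
CLIENT_IP = "198.51.100.7"        # placeholder Internet mail sender
EXCHANGE_IP = "1.163.1.10"        # internal Exchange address from the thread

def burb_of(ip):
    """A packet's burb is decided by where its address lives, not by the rule."""
    return "internal" if ipaddress.ip_address(ip) in INTERNAL_NET else "external"

def evaluate(rules, src_ip, dst_ip, port):
    """First matching rule wins; returns (rule name, action, final destination)."""
    src_burb, dst_burb = burb_of(src_ip), burb_of(dst_ip)
    for r in rules:
        if (r["src_burb"] in ("*", src_burb) and r["dst_burb"] in ("*", dst_burb)
                and r["dst"] in ("*", dst_ip) and r["port"] in ("*", port)):
            return r["name"], r["action"], r.get("redirect", dst_ip)
    return "implicit", "deny", dst_ip

DENY_ALL = {"name": "Deny All", "action": "deny",
            "src_burb": "*", "dst_burb": "*", "dst": "*", "port": "*"}

# Inbound rule as first posted: destination burb internal, destination = Exchange.
AS_POSTED = [
    {"name": "in", "action": "allow", "src_burb": "external",
     "dst_burb": "internal", "dst": EXCHANGE_IP, "port": 25},
    DENY_ALL,
]

# Inbound rule as reply 2 describes: both burbs external, destination = the
# firewall's external address, redirect to the Exchange server.
WITH_REDIRECT = [
    {"name": "in", "action": "allow", "src_burb": "external",
     "dst_burb": "external", "dst": FW_EXTERNAL_IP, "port": 25,
     "redirect": EXCHANGE_IP},
    DENY_ALL,
]

if __name__ == "__main__":
    for label, rules in (("as posted", AS_POSTED), ("with redirect", WITH_REDIRECT)):
        print(label, evaluate(rules, CLIENT_IP, FW_EXTERNAL_IP, 25))
```

In the model, the Internet client's packet is addressed to the firewall's external address, so its destination burb is external and the as-posted rule is skipped in favour of the deny all rule.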



            • 3. Re: SMTP port forwarding for exchange server WOES.

              Phil, thanks for the help.  I followed your instructions, mainly the one pertaining to the source burb and external burb.  For some reason when I was configuring each side of it, I felt as if they had to be different, but once I made both the source and destination external and redirected to the internal IP, I was golden.


              Thanks a lot.