Most firewalls by default allow nothing from DMZ -> WAN. You probably need
to add rules to the firewall to allow 25, 80, 110 and 443 (this is normally 4
separate rules) from DMZ -> WAN. You already allow the reverse (WAN
-> DMZ).
Todd
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael Rawley
Sent: Thursday, March 28, 2002 1:48 PM
To: IMail Forum (E-mail)
Subject: [IMail Forum] Firewall Help Please!!

Hello all,

I have a strange problem and cannot seem to find any help from the KB. I'm in the process of securing our 3-Com Office Connect firewall. Basically I closed all ports from the Internet to the DMZ say 25, 80, 110, and 443. This seemed to work fine. Email was going from user-to-user and coming from the internet to us. However, email would not go out. The log showed that our server was talking to theirs but delivery failed. Here is an excerpt:

03:27 10:36 SMTP-(00000158) D:\IMail\spool\Qe5b703c.SMP
03:27 10:36 SMTP-(00000158) processing D:\IMail\spool\Qe5b703c.SMP
03:27 10:36 SMTP-(00000158) Trying ci.akron.oh.us (0)
03:27 10:36 SMTP-(00000158) Connect ci.akron.oh.us [204.210.174.26:25] (1)
03:27 10:36 SMTP-(00000158) 220 Welcome to COA email
03:27 10:36 SMTP-(00000158) >EHLO cssbehavioral.org
03:27 10:36 SMTP-(00000158) 500 Unknown command
03:27 10:36 SMTP-(00000158) >HELO domain.com
03:27 10:36 SMTP-(00000158) 250 Hello domain.com, pleased to meet you
03:27 10:36 SMTP-(00000158) >MAIL FROM:<[EMAIL PROTECTED]>
03:27 10:36 SMTP-(00000158) 250 <wagnedou@domain.com... Sender ok
03:27 10:36 SMTP-(00000158) >RCPT To:<[EMAIL PROTECTED]>
03:27 10:36 SMTP-(00000158) 250 <[EMAIL PROTECTED].... Recipient ok
03:27 10:36 SMTP-(00000158) >DATA
03:27 10:36 SMTP-(00000158) 354 Enter mail, end with "." on a line by itself
03:27 10:37 SMTP-(00000158) s: s
03:27 10:37 SMTP-(00000158) >.
03:27 10:37 SMTP-(00000158) s: s
03:27 10:37 SMTP-(00000158) s: s
03:27 10:37 SMTP-(00000158)
03:27 10:37 SMTP-(00000158) SMTP_DELIV_FAILED
03:27 10:37 SMTP-(00000158) >QUIT
03:27 10:37 SMTP-(00000158) s: s
03:27 10:37 SMTP-(00000158) s: s
03:27 10:37 SMTP-(00000158)
03:27 10:37 SMTP-(00000158) Trying aol.com (0)
03:27 10:37 SMTP-(00000158) Connect aol.com [152.163.224.122:25] (1)
03:27 10:37 SMTP-(00000158) 220-rly-zd02.mx.aol.com ESMTP mail_relay_in-zd2.6; Wed, 27 Mar 2002 10:43:43 -0500
03:27 10:37 SMTP-(00000158) 220-America Online (AOL) and its affiliated companies do not
03:27 10:37 SMTP-(00000158) 220- authorize the use of its proprietary computers and computer
03:27 10:37 SMTP-(00000158) 220- networks to accept, transmit, or distribute unsolicited bulk
03:27 10:37 SMTP-(00000158) 220 e-mail sent from the internet.
03:27 10:37 SMTP-(00000158) >EHLO domain.com
03:27 10:37 SMTP-(00000158) 250-rly-zd02.mx.aol.com adsl-XXX.XXX.XXX.XXX.dsl.akrnoh.ameritech.net
03:27 10:37 SMTP-(00000158) 250 HELP
03:27 10:37 SMTP-(00000158) >MAIL FROM:<[EMAIL PROTECTED]>
03:27 10:37 SMTP-(00000158) 250 OK
03:27 10:37 SMTP-(00000158) >RCPT To:<[EMAIL PROTECTED]>
03:27 10:37 SMTP-(00000158) 250 OK
03:27 10:37 SMTP-(00000158) >RCPT To:<[EMAIL PROTECTED]>
03:27 10:37 SMTP-(00000158) 250 OK
03:27 10:37 SMTP-(00000158) >DATA
03:27 10:37 SMTP-(00000158) 354 START MAIL INPUT, END WITH "." ON A LINE BY ITSELF
03:27 10:37 SMTP-(00000158) >.
03:27 10:37 SMTP-(00000158) 250 OK
03:27 10:37 SMTP-(00000158) rdeliver aol.com multiple (2) [EMAIL PROTECTED] 222725
03:27 10:37 SMTP-(00000158) >QUIT
03:27 10:37 SMTP-(00000158) 221 SERVICE CLOSING CHANNEL
03:27 10:37 SMTP-(00000158) requeuing D:\IMail\spool\Qe5b703c.SMP R0 T2
03:27 10:37 SMTP-(00000158) finished D:\IMail\spool\Qe5b703c.SMP status=3

I ended up having to re-open all ports on the firewall to get mail to go to the internet.

Now that the history lesson is over, here is my question: What ports and/or sub ports do I need open on the firewall for IMail to work properly?

Thank you,
Michael Rawley
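
The excerpt above logs one attempt that ends in SMTP_DELIV_FAILED after the end-of-data "." and another that completes. The following is an added example, not part of the original thread and not IMail tooling: it walks a log in this layout and reports, per "Trying" attempt, which client command was still waiting for a numeric reply when the failure was logged. The sample lines are constructed with placeholder hosts, and treating any line without a three-digit code as "no reply" is an assumption about the log format.

```python
import re

# Layout seen in the excerpt: "MM:DD HH:MM SMTP-(session) text"
LINE = re.compile(r"^\d\d:\d\d \d\d:\d\d SMTP-\((\w+)\) ?(.*)$")
REPLY = re.compile(r"^\d{3}[ -]")  # SMTP reply: 3-digit code, then space or dash

# Constructed sample modelled on the excerpt; hosts and IPs are placeholders.
SAMPLE = """\
03:27 10:36 SMTP-(00000158) Trying mail.example.org (0)
03:27 10:36 SMTP-(00000158) Connect mail.example.org [192.0.2.10:25] (1)
03:27 10:36 SMTP-(00000158) >DATA
03:27 10:36 SMTP-(00000158) 354 Enter mail, end with "." on a line by itself
03:27 10:37 SMTP-(00000158) >.
03:27 10:37 SMTP-(00000158) s: s
03:27 10:37 SMTP-(00000158) SMTP_DELIV_FAILED
03:27 10:37 SMTP-(00000158) >QUIT
03:27 10:37 SMTP-(00000158) Trying mx.example.net (0)
03:27 10:37 SMTP-(00000158) >DATA
03:27 10:37 SMTP-(00000158) 354 START MAIL INPUT
03:27 10:37 SMTP-(00000158) >.
03:27 10:37 SMTP-(00000158) 250 OK
03:27 10:37 SMTP-(00000158) >QUIT
03:27 10:37 SMTP-(00000158) 221 SERVICE CLOSING CHANNEL
"""

def summarize(log_text):
    """One dict per 'Trying <host>' attempt: host, failed flag, and the client
    command that had been sent but not answered when the failure was logged."""
    attempts, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        text = m.group(2)
        if text.startswith("Trying "):
            cur = {"host": text.split()[1], "failed": False,
                   "pending": None, "stalled_at": None}
            attempts.append(cur)
        elif cur is None:
            continue                      # lines before the first attempt
        elif text.startswith(">"):
            cur["pending"] = text[1:]     # command sent, reply not yet seen
        elif REPLY.match(text):
            cur["pending"] = None         # server answered the last command
        elif text == "SMTP_DELIV_FAILED":
            cur["failed"], cur["stalled_at"] = True, cur["pending"]
    return attempts

if __name__ == "__main__":
    for a in summarize(SAMPLE):
        print(a["host"], "FAILED after" if a["failed"] else "ok", a["stalled_at"] or "")
```

An attempt that stalls at "." got through the envelope commands and lost the connection or reply during the message body, which narrows where to look on the firewall.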
