I thought you mentioned you were using CBAC on the router. Here is something I saw the other day on Cisco's site:

Note: CBAC can be configured to inspect SMTP but not ESMTP (Extended Simple Mail Transport Protocol). SMTP is described in RFC 821. CBAC SMTP inspect does not inspect the ESMTP session or command sequence. Configuring SMTP inspection is not useful for ESMTP, and it can cause problems.

dl

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Joseph McClary
Sent: Thursday, July 11, 2002 11:20 AM
To: [EMAIL PROTECTED]
Subject: RE: [IMail Forum] Controlling Imail Mail Relay behind a firewall - RESOLVED

After a call to a senior tech support specialist at Ipswitch we finally nailed this down and I thought the list would like to know the resolutions.

IMail uses Extended SMTP or ESMTP commands, especially when using authentication to connect. My firewall wasn't handling ESMTP requests, so authentication couldn't occur and thus users couldn't send mail.

Thanks to those of you who spent time responding. On to Cisco to learn about enabling ESMTP.

Sincerely,
Joe McClary
MCS Information Technology
[EMAIL PROTECTED]

-----Original Message-----
From: R. Scott Perry [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 10, 2002 8:54 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: OSRELAY:[IMail Forum] Controlling Imail Mail Relay behind a firewall

>1. In the SMTP Security settings, I set the option to "Relay Mail For" -
>I then entered 10.0.0.0 and subnet mask of 255.255.255.0 as "local
>address". Ok, I thought that would allow those on my LAN to send mail
>and no one else....WRONG. No one can send mail or actually they send it
>but it gets returned as if the host couldn't be reached.

That *should* work. Using "Relay for Addresses" should allow anyone to send mail to your users, and anyone from the IPs you list (or anyone using SMTP AUTH) to send outgoing mail. Entering 10.0.0.0 with a subnet mask of 255.255.255.0 should allow anyone from 10.0.0.x to relay mail (but not 10.0.1.x, for example).

Do you mean "No one can send mail" as in "Nobody in the world can send mail to my users", or as in "Nobody on my LAN can send outgoing mail"?

>2. I then thought if I couldn't configure relaying, I would just configure
>access so I denied "everyone" access...

Nope. That just controls who is allowed to connect to your server. If you "deny access to everyone except...", then only IPs you allow will be able to connect to your mailserver -- and that means that only those IPs can send mail to your local users.

>Finally, some may wonder why I just don't limit access to local users or
>hosts!!

Some will wonder that, but only the ones that don't have a clue yet. :) Only "Relay for Addresses" and "No Mail Relay" will stop spammers; anything else will allow spammers to send mail through your server at no charge.

>Have any advice on what IPs should be included in the allow list...

The button next to "Relay for Addresses" should have any IPs that may send *outgoing* E-mail. It should be the IP that IMail sees (i.e., an internal address if IMail is behind the firewall).

Also, make sure you do not use the Control Access with the "Deny all except" option, as that only works for outgoing-only mailservers.

-Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for IMail. http://www.declude.com
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list.
An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/
