Here is some additional detail. We are trying to receive e-mail from another system via a VPN tunnel over the internet. Here is a description of the issue:
1. To bring up the VPN tunnel we are using an IP address on the sender's Cisco 7206 to make the connection to the our Cisco PIX 515 firewall. We tried using host names but the tunnel would not come up. 2. The sender sends email to [EMAIL PROTECTED], which is the outside interface of the firewall. 3. The firewall is doing a static NAT of the 199.79.180.51 address to 10.252.224.20 address, which is the IMail server address. 4. The problem is, the firewall receives the mail and translates the address to the IMail server; inside the IMail server, the SMTP process sees the mail destined for [EMAIL PROTECTED], which in this case is an unknown host so the mail sits in the queue waiting for delivery. 5. Just to prove the problem, we modified the header file in the spool directory to change the delivery address to the address of the mail server and the mail is delivered. Thanks, Mike Hulme -----Original Message----- From: R. Scott Perry [mailto:[EMAIL PROTECTED]] Sent: Monday, October 14, 2002 11:57 AM To: [EMAIL PROTECTED] Subject: RE: [IMail Forum] IMail with Firewall/NAT >We are using a Cisco PIX, but I don't think we are using the firewall's >e-mail related add-in. I won't be able to access the system until Tuesday >so I can't get the logs at this time (it is not in production yet). The >person who was working this told me the message made it to the IMail server >and was sitting in the spool directory. If he edited the file and changed >the IP address in the header from the "outside" address to the translated >"inside" IP address, IMail then routed it correctly. Something's fishy here. IMail stores each E-mail in the spool as two separate files. The D*.SMD file contains the actual E-mail (body and headers), with nothing else. The Q*.SMD file contains routing information for the E-mail. The Q*.SMD file won't normally contain IP addresses in it. The D*.SMD file is just the actual E-mail -- and IMail won't use anything in there for routing. So changing an IP address in one of the spool files shouldn't cause the E-mail to get delivered. -Scott --- Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for IMail. http://www.declude.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
