Normal connection comes in on WAN port 25 and is redirected to LAN on port 25, then Imail replies on port 25 and everything works fine.
From blocking ISP connection comes in on WAN port 587 and is redirected toLAN on port 25. Now the problem comes in... Imail replies on port 25, but reply never makes it back to original connection because they are listening on 587. If you create the outbound rule to redirect the outbound port 25 to port 587 then you do the same for ALL port 25 connections... the result is the "normal" connections would come in on port 25 and go out on 587.
Result, according to SonicWall is that it can't be done. If you create an inbound rule to redirect port 587 to port 25 you must then create an outbound rule to redirect port 25 to 587. This breaks most all normal SMTP connections.
Any ideas other than a software redirect that may have security problems?
Thanks,
Joe
----- Original Message ----- From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Saturday, September 11, 2004 11:14 AM
Subject: RE: [IMail Forum] Cisco NAT for port 587 to IMail
Create service SMTPAUTH for port 587 remote port 25 local
RULE:
ALLOW - SMTPAUTH - WAN, all - LAN(DMZ) Imailserveripaddress
John Tolmachoff Engineer/Consultant/Owner eServices For You
to-----Original Message----- From: [EMAIL PROTECTED] [mailto:IMail_Forum- [EMAIL PROTECTED] On Behalf Of Jay Calvert Sent: Saturday, September 11, 2004 10:02 AM To: [email protected] Subject: Re: [IMail Forum] Cisco NAT for port 587 to IMail
Anybody know how to do this with a SonicWALL?
Thanks! ----- Original Message ----- From: "Darin Cox" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Saturday, September 11, 2004 8:13 AM Subject: Re: [IMail Forum] Cisco NAT for port 587 to IMail
> Didn't realize we switched off-list...for the benefit of others wanting
IP>> do this in their Cisco gear... > > Darin. > > ----- Original Message ----- > From: "Darin Cox" <[EMAIL PROTECTED]> > To: "David Dodell" <[EMAIL PROTECTED]> > Sent: Saturday, September 11, 2004 11:11 AM > Subject: Re: Re[2]: SPF Records and Off-Network Customers > > > That was also discussed recently...in any case it would be something like... > > access-list outside_access_in permit tcp any host <External IMail Host
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/> eq 587 > static (inside,outside) tcp <External IMail Host IP> 587 <Internal IMail > Host IP> smtp netmask 255.255.255.255 0 0 > > ...assuming the access list from outside to inside is named > outside_access_in > > You'll need to set aside a separate internal and external IP for this to > avoid a conflict in your NAT rules. > > Darin. > > > ----- Original Message ----- > From: "David Dodell" <[EMAIL PROTECTED]> > To: "Darin Cox" <[EMAIL PROTECTED]> > Sent: Saturday, September 11, 2004 10:59 AM > Subject: Re[2]: SPF Records and Off-Network Customers > > > > IMail can't do it, but you can NAT with a firewall, or use a port > redirector > > on your server to redirect port 587 to 25. There have been recent > > discussions in the list on this topic. > > That is what I thought .. unfortunately I don't know how to do that in > my Cisco router ... I'll have to ask around. > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive:
> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ >
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
