ScreenOS Firewalls (NOT SRX)
CSC
Visitor
CSC
Posts: 3
Registered: ‎09-29-2009

NS 5GT - No Incoming Mail / Port 25

NetScreen 5GT firmware ver. 5.3.0r4.0
 
I’m trying to set up our 5GT to receive e-mail via SMTP on port 25. I’ve configured the domain’s DNS/MX records to send the mail to our IP address (verified it through wimi.com) but nothing seems to get through our 5GT to port 25.
 
I don’t see any activity at all in the logs for the Policy or in the general device logs.
 
I’ve tried to telnet to port 25 of the IP address and it times out. I've also tried a port scan on 25 and SMTP test from mxtoolbox.com but they both fail.
 
DNS
A-Record for ‘mail’ points to our public IP address
MX Record points to the ‘mail’ A-Record
 
5GT
Policy from ‘Untrust’ to ‘Trust’
Policy source address is ‘Any’
Policy dest address is the IP of our Exchange server (i.e. 10.0.0.1/32)
Policy Service is the predefined ‘Mail’ service
Policy Application is ‘None’
 
Any help would be greatly appreciated.
 
 
James
Distinguished Expert
muttbarker
Posts: 2,370
Registered: ‎01-29-2008

Re: NS 5GT - No Incoming Mail / Port 25

What are you doing to NAT the external IP to your internal Exchange server?
Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
CSC

Re: NS 5GT - No Incoming Mail / Port 25

I don't have anything set up for 'NAT'. Nothing is selected for 'NAT' on the 'Advanced' page of the Policy.

Obviously, based on your question, I need to set up something else.

James

muttbarker

Re: NS 5GT - No Incoming Mail / Port 25


Well your Exchange box is sitting in the trust zone on the interface labeled trust. This I/F is set to NAT. I am also guessing that you have a private IP address on Exchange box.

 

So one way or the other, right now there is no way for the traffic to get from outside to inside even though you set up a policy. Can you share your config and a quick overview of your setup? Feel free to send a private message.

 

Message Edited by muttbarker on 09-29-2009 01:27 PM
Kevin Barker
CSC

Re: NS 5GT - No Incoming Mail / Port 25

I added NAT to the Policy. I set it to the IP of the Exchange server but I still don't see any traffic in the logs at all.

 

 

James

muttbarker

Re: NS 5GT - No Incoming Mail / Port 25

Well, without the config I can't review your NAT, but another thought: do you have a default route outbound back to your Inet provider G/W?
Kevin Barker