OK, disregard my last reply. I ran the debug; see below:
NOTE: 1.1.1.1 is the private IP of MAIL2
5.5.5.5 is the public IP of the SMTP server the mail is being sent to.
9.9.9.9 is the default gateway of the Juniper firewall
---------------------------------------------------------------------------------------------------
Juniper-> set ff src-ip 1.1.1.1 dst-ip 5.5.5.5
filter added
Juniper-> set ff src-ip 5.5.5.5 dst-ip 1.1.1.1
filter added
Juniper-> debug flow basic
Juniper-> cl db
Juniper->
Juniper->
Juniper-> undebug all
Juniper-> get db str
****** 7038963.0: <Trust/bgroup0> packet received [48]******
ipid = 28540(6f7c), @02c69410
packet passed sanity check.
bgroup0:1.1.1.1/36551->5.5.5.5/25,6<Root>
no session found
flow_first_sanity_check: in <bgroup0>, out <N/A>
chose interface bgroup0 as incoming nat if.
flow_first_routing: in <bgroup0>, out <N/A>
search route to (bgroup0, 1.1.1.1->5.5.5.5) in vr trust-vr for vsd-0/flag-0/ifp-null
PBR lookup params: dst-ip: 5.5.5.5, src-ip: 1.1.1.1, dst-port: 25, src-port: 36551, protocol: 6, dscp: 0
PBR: no route to (5.5.5.5) in vr trust-vr
[ Dest] 12.route 5.5.5.5->9.9.9.9, to ethernet0/0
routed (x_dst_ip 5.5.5.5) from bgroup0 (bgroup0 in 0) to ethernet0/0
policy search from zone 2-> zone 1
policy_flow_search policy search nat_crt from zone 2-> zone 1
RPC Mapping Table search returned 0 matched service(s) for (vsys Root, ip 5.5.5.5, port 25, proto 6)
No SW RPC rule match, search HW rule
Permitted by policy 92
No src xlate choose interface ethernet0/0 as outgoing phy if
no loop on ifp ethernet0/0.
session application type 7, name SMTP, nas_id 0, timeout 1800sec
ALG vector is not attached
service lookup identified service 0.
flow_first_final_check: in <bgroup0>, out <ethernet0/0>
existing vector list 3-34f96f0.
Session (id:3354) created for first pak 3
flow_first_install_session======>
route to 9.9.9.9
arp entry found for 9.9.9.9
nsp2 wing prepared, ready
cache mac in the session
make_nsp_ready_no_resolve()
search route to (ethernet0/0, 5.5.5.5->1.1.1.1) in vr trust-vr for vsd-0/flag-3000/ifp-bgroup0
[ Dest] 5.route 1.1.1.1->1.1.1.1, to bgroup0
route to 1.1.1.1
flow got session.
flow session id 3354
post addr xlation: 1.1.1.1->5.5.5.5.
flow_send_vector_, vid = 0, is_layer2_if=0
send packet to traffic shaping queue.
flow_ip_send: 6f7c:1.1.1.1->5.5.5.5,6 => ethernet0/0(48) flag 0x20000, vlan 0
pak has mac
Send to ethernet0/0 (62)
****** 7038966.0: <Trust/bgroup0> packet received [48]******
ipid = 28556(6f8c), @02ccd410
packet passed sanity check.
bgroup0:1.1.1.1/36551->5.5.5.5/25,6<Root>
existing session found. sess token 4
flow got session.
flow session id 3354
post addr xlation: 1.1.1.1->5.5.5.5.
flow_send_vector_, vid = 0, is_layer2_if=0
send packet to traffic shaping queue.
flow_ip_send: 6f8c:1.1.1.1->5.5.5.5,6 => ethernet0/0(48) flag 0x20000, vlan 0
pak has mac
Send to ethernet0/0 (62)
JUNIPER->
-------------------------------------------------------------------------------------------------------
I attempted to send three emails from MAIL2; none of them were allowed through.
Ray.