Re: Port Forwarding and 1:1 NAT dilemma with email
From: Bryan Linton (blinton_at_nospam.connellinsurance.com)
Date: Wed, 8 Sep 2004 14:56:55 -0500
"Phillip Windell" <@.> wrote in message
> That is actually a good way to do that. I would not criticize her.
> Separating "jobs" out to different public IP#s is more flexable and
> scaleable then trying do everthing with on one public IP#.
Thanks for the reply. I actually wasn't criticizing, I honestly was not
sure why she did it that way. In my case, the 1:1 NAT is interfering with
my port-forwarding requirements, but I can see how multiple IP addresses
could give additional flexibility, now that you mention it.
> Ours is simlar to yours. It wasn't difficult,...incoming SMTP goes from
> Firewall to the Spam Filter first then to the Mail Server. However inbound
> POP3 goes from the Firewall directly to the Mail Server. Outbound POP3
> SMTP both go from the Mail Server Directly to the Firewall and do not
> involve the Spam Filter.
The dilemma I have is how to let our external users relay mail off our
server. All incoming traffic on port 25 is relayed to our spam firewall, so
any attempt to connect to our mail server on port 25 would also be directed
to the spam firewall. Do I need to set my mail server's SMTP port to an
unassigned, non-standard port number? Like, say, port 60? I would then
need to set all my outlook clients to send mail on that port, instead of
port 25, and also set my spam firewall to receive mail on port 25 and
forward good mail to the mail server on port 60. Am I forgetting anything?
> Phillip Windell [MCP, MVP, CCNA]