Re: pix firewall and mail server

From: Jason Kohles (jkohles@redhat.com)
Date: 12/05/01


Date: Wed, 5 Dec 2001 12:47:18 -0600
From: Jason Kohles <jkohles@redhat.com>
To: Mike V <mnv@alumni.princeton.edu>

On Tue, Dec 04, 2001 at 11:42:15AM -0700, Mike V wrote:
> I was under the impression that 53/tcp was for zone xfers, and 53/udp was
> for queries, so you may want to confirm to avoid opening more than you need
> to.
>
Your impression is close: TCP is generally used for zone transfers, but only
by coincidence, not by design. TCP is used any time the record exceeds the
maximum UDP packet size; on many servers this will only occur during zone
transfers, but you can also hit this when getting back large answers, such
as round robin entries that point to many hosts.

> Mike
>
> ----- Original Message -----
> From: "Saša Popravak" <spop@novabanka.com>
> To: "wali" <wali@nile-online.net>; <security-basics@securityfocus.com>
> Sent: Monday, December 03, 2001 1:51 AM
> Subject: Re: pix firewall and mail server
>
>
> > You should also open ports 53/tcp and 53/udp for dns queries so one can find
> > your mail server by checking MX record from your dns.
> >
> > Best wishes,
> > Pope
> >
> > ----- Original Message -----
> > From: "wali" <wali@nile-online.net>
> > To: <security-basics@securityfocus.com>
> > Sent: Thursday, 29.November 2001 14:50
> > Subject: pix firewall and mail server
> >
> >
> > > hi
> > > i have a cisco pix firewall
> > > and i only have a mail server (MS Exchange) on an NT server
> > > and a lot of workstations on NT workstation
> > > i made NAT for the pcs to work with virtual ips
> > > and only the mail server takes a real ip (the traffic comes to the real and the
> > > firewall passes it to the virtual)
> > > and i only want the outside traffic to come to the mail ports only
> > > so i opened the 25 tcp port and closed any other incoming ports
> > > but the server stopped receiving mails
> > > when i allow all traffic in except icmp it works
> > > are there any other ports that should be open to allow the mail server to
> > > receive mails

-- 
Jason Kohles                                 jkohles@redhat.com
Senior System Architect                      (703)786-8036 (cellular)
Red Hat Professional Consulting              (703)456-2940 (office)
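The UDP-then-TCP fallback described in the reply above, as an added example that is not part of the original thread: a minimal resolver sends an MX query over UDP/53, checks the TC (truncated) bit in the response header, and reissues the same query over TCP/53 with the two-byte length prefix. The server address and the two constructed response headers are assumptions for illustration.

```python
import socket
import struct

TYPE_MX = 15
TC_BIT = 0x0200  # "truncated" flag, RFC 1035 section 4.1.1

# Constructed 12-byte response headers (no question/answer sections):
# flags 0x8380 = QR|TC|RD|RA (answer did not fit in 512 bytes, retry over TCP)
TRUNCATED_HEADER = struct.pack(">HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
# flags 0x8180 = QR|RD|RA (complete answer, UDP was enough)
COMPLETE_HEADER = struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0)


def build_query(name: str, qtype: int = TYPE_MX, txid: int = 0x1234) -> bytes:
    """Build a standard recursive query (flags 0x0100 = RD) for one QNAME/QTYPE."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)  # class IN


def is_truncated(response: bytes) -> bool:
    """True when the server set TC: the UDP answer was cut and must be refetched over TCP."""
    (flags,) = struct.unpack(">H", response[2:4])
    return bool(flags & TC_BIT)


def tcp_frame(message: bytes) -> bytes:
    """DNS over TCP prefixes each message with a two-byte big-endian length (RFC 1035 4.2.2)."""
    return struct.pack(">H", len(message)) + message


def resolve(name: str, server: str, qtype: int = TYPE_MX, timeout: float = 3.0):
    """Send over UDP first; if TC is set, repeat over TCP. Returns (response, transport)."""
    query = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.settimeout(timeout)
        udp.sendto(query, (server, 53))
        response, _ = udp.recvfrom(512)
    if not is_truncated(response):
        return response, "udp"
    with socket.create_connection((server, 53), timeout=timeout) as tcp:  # needs 53/tcp open
        tcp.sendall(tcp_frame(query))
        (length,) = struct.unpack(">H", tcp.recv(2))
        response = b""
        while len(response) < length:
            chunk = tcp.recv(length - len(response))
            if not chunk:
                break
            response += chunk
    return response, "tcp"
```

If a firewall passes 53/udp but blocks 53/tcp, the first leg succeeds and the TCP retry in `resolve` hangs or is refused, which is exactly the failure mode a large answer triggers.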
