Good Morning Everyone,
We are having a new financial system installed in the next 10 days
they require port 25 opening on the firewall for an SMTP relay
to the web portal.
I have never had to do anything to the firewall since its been in
so does anyone have any web sites or advice on opening the port up
via the Firewalls ASDM ???
In which direction? (from inside to an outside host, or outside to inside)?
If the latter do you have a static IP? you will need to configure firewall and NAT
If the former then you may need to do nothing.
Do you have the login for the ASA.
Do you have an on site SMTP server for your incomming mail?
Are you sure the requirement relates to the internet firewall and not on the server itself.
Thanks for the reply, at the moment I don't have all the info but am led to beleive
that it will be from outside to inside as the portal runs via IIS,
The clients are assigned DHCP and do not have statics at the moment but obviously the server does
have a static IP, I do have a login for the ASA and we are not runing an SMTP Server it will simply
be a school email running an SMTP relay.
What exactly have you been asked?
Originally Posted by staningrimsby
For an external service to connect to you, your internet service will need a static IP.
It would be unusual for a 3rd part to ask for port 25 to be port forwarded Out->In as it's highly likly to conflict with regular mail services.
It's more likely they need you to have port 25 un-firewalled on the server for the finance system, or they need the finance system to be able to contact an external server on port 25.
I havn't een told a lot at the moment to be honest, I was given a list of server firewall ports that need looking at such as
port 80, 777, and a couple of others then I was told by the SBM that they had been in touch and port 25 would need to be open
on the external firewall for SMTP relay.
As we currently use google apps for education for our email system I was told another account outside this domain would have to be created to facilitate the SMTP relay.
What finance system is it as on here most will be in use and someone can advise what they have done instead :-)
If they have not asked for port 25 on the server , then they can't be expecting to make an inbound connection ( unless they have also asked for a nat from XYZ port on the external IP to port 25 on your server.
I suspect they are specifying that the server needs to be able to contact their external SMTP server.
Assuming that's the case then your either in luck and your server can connect to external SMTP already.
try this from the command line
if the server responds then your HOT :)
if not it's ASA time, and a screenshot of the firewall rules page will be a big help as each situation is different, however there should be a section named INSIDE (may have been renamed) which is where rules from the standard inside interface go. You would place a rule in there with the source as the server , service as smtp destination their server.
There's a "Packet Trace Tester" on one of the menus that's also useful for testing and identifying where blocking is occurring.
Shouldn't that be telnet mx4.hotmail.com:25
Originally Posted by twin--turbo
Hi, it sounds like you are having PS Financials installed. They need the relay to send the order confirmations etc through / to your accounts. I think it sends from a @psf.com account, I also think you can just sent up a standard email account and input the username/password/server address for it to use.
Thank yu for all the help it is PS Financials thats being installed, and I will take a screen shot of the rules page when I get to work on Monday.
Will also give telnet mx4.hotmail.com:25 a go as well thanks and see what the response is.
We have PSF relay via our internal exchange server. No need to setup port 25 access on the external firewall unless you don't run internal servers? In which case you'll need the server to relay via your external user and may need to setup a specific email user/account for PSF.
Seems like you're not using Exch at all. You need to find out what the requirement is, and where the system will be installed, intrnally on your LAN or is is external. And where they want to relay to.
Thank you for the replys, no we are not using any form of Exchange and we have been requested to setup specific email as Soulfish says,
I am going to try and ring Saj at Wanstor today to see if I can get a bit more info.