To receive mail (SMTP) on your server you only need TCP port 25. TCP port
110 is for POP access so users can get their mail from the mail server, mail
servers don't use port 110.
HTH,
Kent
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Pierre-Alex GUANEL
Sent: Thursday, September 20, 2001 6:31 AM
To: [EMAIL PROTECTED]
Subject: RE: PIX / DNS [7:20518]
If I remove mailguard, which ports should I open so that my mail server
receives mail from the Internet? (25 / 110)
Pierre-Alex
-----Original Message-----
From: Eric Hoffman [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 8:09 AM
To: 'Pierre-Alex GUANEL'
Subject: RE: PIX / DNS [7:20518]
The "due to DNS response" syslog message in a deny statement means that the
PIX Firewall DNS Guard feature is in effect and the message indicates slow
response from the DNS server. When the response is slow, the PIX Firewall
sends a second DNS inquiry, the first returns, and the second gets denied
and logged.
The above paragraph was taken directly from the cisco webpage:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v41/pixrn417.h
tm
Watch the wrap.
Not sure which version it started in, but it is in the majority of pix code.
HTH,
Eric
-----Original Message-----
From: Pierre-Alex GUANEL [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 6:42 AM
To: [EMAIL PROTECTED]
Subject: PIX / DNS [7:20518]
Has anyone seen this before ("due to DNS Response")?
How do I see details on the DNS response that was denied (packet coming on
the external interface of the firewall I presume)?
106007 Deny inbound UDP from 208.145.207.71/9597 to 10.1.1.51/1077 due
to DNS Response
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20576&t=20518
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
