>We are running IMail 6 and recently placed our mail server behind a
>PIX firewall. When we look at the IMail Log files, every 30 minutes
>we see MANY idle timeout messages.
"SMTP-" sending? "SMTPD" receiving? (Actually, I don't care. See below.)
>Is there anyone else on the list with an IMail server behind a PIX
>firewall? Any help is greatly appreciated.
You asked for it: think "outside the box"
i.e., run a "bastion mail host" outside the firewall. This greatly
offloads SMTP traffic from the firewall (no DNS lookups, no mail
delivery retries). It also greatly simplifies your packet filtering
rules, which means better security (fewer human mistakes), less
maintenance, and reduced rule processing PIX load.
Bastion mail hosts stop 10% - 20% of total outside of the firewall
because it's junk mail, again liberating that very expensive firewall
(it's just a PC with a Cisco badge) from processing junk, doh. Bastion
mail hosts are free. The bastion host becomes part of your total
firewalling tactics.
Len
http://BIND8NT.MEIway.com: ISC BIND 8.2.2 p5 & 8.2.3 T6B for NT4 & W2K
http://IMGate.MEIway.com: Build free, hi-perf, anti-spam mail gateways