Question : Cisco 2600 ACL & PIX 525 with SMTP on DMZ

Hello,

I have a PIX 525 with a new SMTP server on my DMZ.  The SMTP box essentially ensures that inbound mail is not SPAM and then delivers to a server on my inside network.  I can use the web interface and test mail on the SMTP box, but when I telnet from the outside it fails on port 25.  I basically get a blank screen with no SMTP banner.

PIX:

static (dmz1,outside) 128.1.123.26 172.16.106.15 netmask 255.255.255.255 0 0

access-list dmz1 permit tcp host 172.16.106.15 any eq smtp

access-list dmz1 permit tcp host 128.1.123.26 any eq smtp (I thought I would only need this ACL entry)

access-list dmz1 permit tcp any host 128.1.123.26 eq smtp

Cisco 2600 - Perimeter Router:

access-list 130 permit tcp any host 128.1.123.26 eq smtp

128.1.123.26 is the SMTP server's public IP address and 172.16.106.15 is the private IP on the DMZ segment.

Any ideas?

Thx
Brandon




Answer : Cisco 2600 ACL & PIX 525 with SMTP on DMZ

access-list dmz1 permit tcp any host 128.1.123.26 eq smtp

I believe that should be a different access-list and applied to the outside interface
e.g.:
access-list smtp_in permit tcp any host 128.1.123.26 eq smtp
access-group smtp_in in interface outside
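
The point of the answer can be checked offline against a saved configuration. The following is an added example, not code from the original post: a small Python audit that reports every address published on the outside interface by a `static` for which the ACL bound to `outside` does not permit the service. The `access-group dmz1 in interface dmz1` line, the test source address 203.0.113.10 and all function names are assumptions, and only `any` / `host <ip>` entries with `eq <port>` (the forms used on this page) are handled.

```python
import re

# Constructed input: the question's lines plus an ASSUMED binding of dmz1 to the
# dmz1 interface (the page does not show its access-group lines).
QUESTION_CFG = """\
static (dmz1,outside) 128.1.123.26 172.16.106.15 netmask 255.255.255.255 0 0
access-list dmz1 permit tcp host 172.16.106.15 any eq smtp
access-list dmz1 permit tcp any host 128.1.123.26 eq smtp
access-group dmz1 in interface dmz1
"""
# The answer's suggestion (with the "in" keyword) appended to the same config.
ANSWER_CFG = QUESTION_CFG + """\
access-list smtp_in permit tcp any host 128.1.123.26 eq smtp
access-group smtp_in in interface outside
"""

def _addr(tok, i):
    """Parse 'any' or 'host A.B.C.D' at tok[i]; return (address or None, next index)."""
    if tok[i] == "any":
        return None, i + 1
    if tok[i] == "host":
        return tok[i + 1], i + 2
    raise ValueError("only 'any' and 'host <ip>' are supported")

def blocked_statics(cfg, src="203.0.113.10", port="smtp"):
    """Public IPs published on 'outside' that the outside ACL does not permit on tcp/port."""
    statics, acls, bound = [], {}, {}
    for line in cfg.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "static" and re.fullmatch(r"\(\w+,outside\)", tok[1]):
            statics.append(tok[2])              # global (public) address
        elif tok[0] == "access-list":
            acls.setdefault(tok[1], []).append(tok[2:])
        elif tok[0] == "access-group" and tok[2:4] == ["in", "interface"]:
            bound[tok[4]] = tok[1]              # interface name -> ACL name
    blocked = []
    for ip in statics:
        verdict = "deny"                        # no ACL or no match: implicit deny
        for rule in acls.get(bound.get("outside"), []):
            s, i = _addr(rule, 2)
            d, i = _addr(rule, i)
            if (rule[1] == "tcp" and s in (None, src) and d in (None, ip)
                    and rule[i:i + 2] == ["eq", port]):
                verdict = rule[0]               # first matching entry wins
                break
        if verdict != "permit":
            blocked.append(ip)
    return blocked
```

With the question's lines the public address is reported as blocked because no ACL is bound to `outside`; with the answer's two lines added the list is empty.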