i'm trying to close holes in my firewall. what rule(s) do i need to
if i want dns queries from internal users to get back to them as well

primary dns updates to get to an internal secondary dns server. also,
have a groupwise server as well as an smtp relay server internally.
access rule(s) do i set up so that email goes out and then comes back
i'm afraid that i have a couple rules that might not be needed. ie.

rule 1. from public to private
source port=25
dest port=all
dest ip=email server(groupwise)

rule 2. from public to private
packet type=dns-incomingTCP
source port=53
dest port=all
dest ip=all

rule 3. same as rule 2 with UDP as packet type

i use a port scanner utility and it is telling me that there could be a
breach because the utility was able to scan internal ports with a
port of either 25 or 53. i'm afraid to take those rules out fearing
dns and email will stop working.
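As an added illustration (not part of the original post or of any particular firewall product): a small simulation that runs the same packets through the source-port-based rules 1-3 quoted above and through a connection-tracking policy, so the port-scanner finding and the stateful alternative can be compared side by side. All addresses, the published services (SMTP to the relay, port 53 to the secondary from the primary) and the packet samples are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed addresses for the illustration (documentation ranges outside,
# a private range inside); none of them come from the original post.
DNS_SECONDARY = "10.0.0.53"        # internal secondary DNS server (assumed)
MAIL_RELAY = "10.0.0.25"           # internal SMTP relay (assumed)
EXT_PRIMARY_DNS = "198.51.100.5"   # external primary DNS server (assumed)

@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

def source_port_rules_allow(pkt):
    """Rules 1-3 from the post: public->private is allowed purely on source port
    (25 toward the mail server; 53 toward any internal host and any port)."""
    if pkt.src_port == 53:                                   # rules 2 and 3
        return True
    return pkt.src_port == 25 and pkt.dst_ip == MAIL_RELAY   # rule 1

class StatefulFilter:
    """Connection tracking: inbound is accepted if it answers a flow an inside
    host opened, or if it is new traffic to an explicitly published service."""
    def __init__(self):
        self.flows = set()

    def outbound(self, pkt):
        # Remember the 5-tuple of every flow the inside initiates.
        self.flows.add((pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))

    def inbound_allow(self, pkt):
        reply_to = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reply_to in self.flows:
            return True                      # DNS answer / SMTP reply coming back
        if pkt.proto == "tcp" and pkt.dst_ip == MAIL_RELAY and pkt.dst_port == 25:
            return True                      # new inbound mail to the relay
        # Zone data from the primary to the internal secondary, port 53 only.
        return pkt.src_ip == EXT_PRIMARY_DNS and pkt.dst_ip == DNS_SECONDARY and pkt.dst_port == 53

def evaluate():
    """Run constructed packets through both policies; returns {label: (rules 1-3, stateful)}."""
    fw = StatefulFilter()
    fw.outbound(Packet("udp", "10.0.0.7", 40123, EXT_PRIMARY_DNS, 53))   # a user's DNS query
    samples = {
        "dns reply to user": Packet("udp", EXT_PRIMARY_DNS, 53, "10.0.0.7", 40123),
        "probe src 53 -> user:445": Packet("tcp", "203.0.113.9", 53, "10.0.0.7", 445),
        "probe src 25 -> relay:445": Packet("tcp", "203.0.113.9", 25, MAIL_RELAY, 445),
        "new smtp to relay": Packet("tcp", "203.0.113.9", 51234, MAIL_RELAY, 25),
    }
    return {k: (source_port_rules_allow(p), fw.inbound_allow(p)) for k, p in samples.items()}

if __name__ == "__main__":
    for label, (old, new) in evaluate().items():
        print(f"{label:28} rules 1-3: {old!s:5} stateful: {new}")
```

The legitimate DNS reply passes both policies; the two probe packets, which only set a source port of 53 or 25, pass the source-port rules but are dropped by the stateful policy because no inside host opened those flows.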