It may function the same as a PIX with mailguard, in the sense that only
certain SMTP commands are allowed to pass... just the required 6 or
7 commands like RCPT To, MAIL From, DATA, etc.  Perhaps the MTA that
connected sent like "vrfy" or "expn" or even "ehlo" and it doesn't want to
pass that so flags it as invalid... mail would still work as expn,
vrfy, ehlo, helo, etc. are all just optional commands.

Brian


On Wed, 22 Nov 2000, Stull, Cory wrote:

> I recently installed IOS firewall software on our internet router and
> started logging the messages to a syslog server.  I'm getting a few 
> 
> Error Message 
> %FW-3-SMTP_INVALID_COMMAND: Invalid SMTP command from initiator 
> 
> The weird thing is the IP address of the initiator is that of my own email
> server...  Anyone seen this before?  I looked it up on cisco.com and it said
> nothing helpful because the initiator was my own email server....  Cisco
> explanation below....
> 
> Explanation: The CBAC code detected an invalid SMTP command in the inspected
> SMTP connection. This message indicates that a suspicious violation was
> detected that may be an attack to the mail server system. The command is
> rejected and the connection is reset by the firewall immediately.
> 
> Recommended Action: This message is for informational purposes only, but may
> indicate a security problem.
> 
> The following is an example of this type of message:
> %FW-4-SMTP_INVALID_COMMAND: Invalid SMTP command from initiator (192.168.12.3:52419)
> 
> 
> Thanks
> 
> Cory R Stull
> CCNP, CCDA, MCSE, BNCS
> Communications Concepts Unl.
> 262-814-7214
> 
> _________________________________
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 

-----------------------------------------------
Brian Feeny, CCNP, CCDP       [EMAIL PROTECTED]   
Network Administrator         
ShreveNet Inc. (ASN 11881)            
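
To see which hosts are triggering the message discussed in this thread, the syslog output can be tallied per initiator. The following is an added example, not part of the original posts: the log lines, the router name `gw1`, and the `summarize` helper are constructed for illustration, and only the message format is taken from the Cisco text quoted above.

```python
import re
from collections import Counter

# Message format as quoted in the thread; the severity digit is left open
# because both %FW-3 and %FW-4 appear in the quoted text.
PATTERN = re.compile(
    r"%FW-(?P<sev>\d)-SMTP_INVALID_COMMAND: Invalid SMTP command from initiator\s*"
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\)"
)

# Constructed sample lines (timestamps, hostname and addresses are made up).
SAMPLE_LOG = """\
Nov 22 10:01:14 gw1 47: %FW-4-SMTP_INVALID_COMMAND: Invalid SMTP command from initiator (192.168.12.3:52419)
Nov 22 10:01:15 gw1 48: %SYS-5-CONFIG_I: Configured from console by vty0
Nov 22 10:07:40 gw1 49: %FW-4-SMTP_INVALID_COMMAND: Invalid SMTP command from initiator (192.168.12.3:52433)
Nov 22 10:09:02 gw1 50: %FW-4-SMTP_INVALID_COMMAND: Invalid SMTP command from initiator (203.0.113.77:3312)
Nov 22 10:09:30 gw1 51: %FW-4-SMTP_INVALID_COMMAND: Invalid SMTP command from initiator
"""


def summarize(log_text, own_mail_servers):
    """Count SMTP_INVALID_COMMAND events per initiator IP.

    own_mail_servers is a set of IPs the operator knows to be their own MTAs
    (an assumption supplied by the caller). Returns (report, unparsed), where
    unparsed counts matching lines whose address was wrapped or truncated.
    """
    counts = Counter()
    unparsed = 0
    for line in log_text.splitlines():
        if "SMTP_INVALID_COMMAND" not in line:
            continue  # unrelated syslog message
        match = PATTERN.search(line)
        if match is None:
            unparsed += 1  # event seen, but no (ip:port) on this line
            continue
        counts[match.group("ip")] += 1
    report = {
        ip: {
            "events": n,
            "role": "own-mail-server" if ip in own_mail_servers else "other-host",
        }
        for ip, n in counts.items()
    }
    return report, unparsed


if __name__ == "__main__":
    result, skipped = summarize(SAMPLE_LOG, {"192.168.12.3"})
    for ip, info in sorted(result.items()):
        print(f"{ip:15s} {info['events']:3d} event(s)  {info['role']}")
    print(f"lines without a parsable initiator: {skipped}")
```

Entries labelled `own-mail-server` are SMTP sessions that the local mail server itself opened, which is the case the original poster describes.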
