RE: Pix firewall and mail server - bad combo? [7:4748]

Thu, 17 May 2001 00:13:40 -0700 

Hi, 

I have run several times into such problems (up to version 5.2). The only
solution I've found so far is to disable the smtp guard (no fixup protocol
smtp 25).



=====================================================================
Panayiotis Psihoyios                    SyNET S.A.
CCNP (Security, ATM), CCDP, MCP 118 B, Agias Eleoussis Street
Network Engineer                                GR 151 25 Maroussi
email: [EMAIL PROTECTED]               Athens - Greece
Tel:++ 301 61 29 500                    Fax: ++ 301 61 25 313
=====================================================================

> -----Original Message-----
> From: Chewy Gravy [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 17, 2001 12:32 AM
> To: [EMAIL PROTECTED]
> Subject: Pix firewall and mail server - bad combo? [7:4748]
> 
> 
> Hi all -
> 
> I'm encountering some problems with mail delivery, and it 
> seems that the
> Pix firewall may be the culprit. Here are the symptoms (IP and domain
> names have ben changed to protect the inept):
> 
> - telnet to port 25 from a machine not passing through the pix and you
> get a standard response:
> 220 mail.mydomain.com ESMTP server (Post.Office v3.5.3 
> release 223) ready
> Wed, 16 May 2001 14:23:12 -0700
> ehlo mydomain.com (my input)
> 250-mail.mydomain.com
> 250-HELP
> 250-EXPN
> 250-XREMOTEQUEUE
> 250-ETRN
> 250-PIPELINING
> 250 SIZE
> 
> - telnet to port 25 from a machine that passes through the 
> Pix, and you
> get this mess:
> telnet mail.mydomain.com 25
> Trying 172.16.16.16...
> Connected to mail.mydomain.com.
> Escape character is '^]'.
> 220
> ************************************************************22
> ******0***20***00**00*0***********************200*****2******0*00
> ehlo mydomain.com (my input)
> 500 Command unknown: 'XXXX'
> 
> In the Pix config I have the following relevant entries (IP addresses
> have been changed):
> fixup protocol smtp 25
> static (inside,outside) 172.16.16.16 172.16.16.16 netmask 
> 255.255.255.255
> 0 0
> conduit permit tcp host 172.16.16.16 eq smtp any
> conduit permit tcp host 172.16.16.16 eq pop3 any
> 
> We're also getting log entries on the mail server that 
> indicate timeouts
> - the biggest problem is that some of my users are getting repeats of
> messages - sometimes hundreds of them over the course of a 
> week or more.
> 
> Ideas?
> 
> Doug
> [EMAIL PROTECTED]
> =========================
> FAQ, list archives, and subscription info: 
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4814&t=4748
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to