I admit I missed any mention of users having to authenticate to the
exchange server and it's tie to ESMTP, my error.
It's a shame the pix is not as compatable a solutions for many
environments, and not long ago, in a thread relating to this issue here,
we advocated that Cisco should put up front in their marketing blurbs that
the pix is not ESMTP compliante, so that folks can make choices upfront by
this criteria, or know in advance that they will have to make special
efforts to shim it into their environments.
Thanks,
Ron DuFresne
On Tue, 8 Jan 2002, Michael Janke wrote:
> Ben Nagy wrote:
>
> [..]
>
> >
> > The PIX, for example, doesn't support ESMTP at all. Not even a little
> > bit. I wouldn't surprise me if CBAC doesn't either. That doesn't really
> > make it a firewall issue, though, since any mail server that _requires_
> > ESMTP for inbound mail from the general Internet is broken, IMHO.
>
>
> CBAC will not allow ESMTP either, AFAIK. If logging is enabled, it will
> log ESMTP attempts. We front-end our GroupWise & Exchange with Solaris
> running TrendMicros's AV product.
>
> > The problem you're referring to is common, and extremely hard to pin
> > down the first time it's encountered. It normally occurs on outbound
> > mail, though, unless one is running a mailserver which uses the ident
> > mechanism (and has it enabled) - Exchange is not one of those.
> [..]
>
> Again, logging on the PIX will show the ident attempts, if there are
> any. We've started openeing up ident on every IP that has SMTP open,
> just because of the mail servers that still use ident.
> [..]
>
>
> -----------------------------------------
> Michael Janke
> Minnesota State Colleges and Universities
> -----------------------------------------
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
