The GNAC firewalls list, it's stated as "well known" that several version of PIX firmware when runing "SMTP fixup" breaks Exchange and Notes, but not sendmail or postfix.
a couple of quotes: " >The explanation I got from Cisco is that Exchange 5.x / 2000 implements a >superset of ESMTP commands. In fact with the fixup SMTP turned on the PIX >only listens to seven SMTP commands and ignores all ESMTP commands. With >the fixup SMTP turned off, it should allow most if not all SMTP packets to >flow untouched. The issue seems to be that the Exchange server insists >upon trying to use ESMTP for certain functions and may under certain >circumstances refuse to renegotiate and fall back to SMTP, when ESMTP >commands are blocked or not supproted. " and " The PIX SMTP fixup isn't broken. It's an interpretation of RFC 821 for SMTP. If you use it you need a SMTP compliant mail implementation. PIX then intercepts and scrubs certain commands and data that appear in those connections as per RFC 821. Postfix and other implementations work with fixup. Some Exchange implementations work. If you sniff the connection, or check the PIX logs you will see it is clearly due to their implementation of SMTP. The PIX fixup does not work if you are using ESMTP. That's clearly stated in the PIX documentation. RFC 821 was never extended to cover ESMTP. Many, many folks miss that point. " Len http://MenAndMice.com/DNS-training http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
