RE: Wierd PIX issue - Long
Hi, Try disabling the fix option for the SMTP, as far as I remember there is a bug regarding fixup protocols in the 5.3(1) PIX version. Gil -Original Message- From: Eric McMasters [mailto:[EMAIL PROTECTED]] Sent: ??? ? 22 ??? 2001 03:59 To: [EMAIL PROTECTED] Subject: Wierd PIX issue - Long I have PIX 515 w/5.3(1) IOS running and I ran into a problem with SMTP connectivity between two Exchange servers. I have the FW opened up to allow SMTP between Server 1 and Server 2 and everything seemed okay. Now here is the freaky problem. Server 1 receives inbound email just fine, but its outbound email to Server 2 will sit in the queue for a random amount of time before being sent. I hooked up a Sniffer between Server 1 and the FW and the majority of the traffic between the two servers showed "No Response". When I decoded the traffic it looked like Server 1 was sending a reset (RSET) to Server 2 and that is what was causing the problem. After some research on CCO I found an incompatibility with older PIX IOS versions and the "Mailguard" feature. It seems that the Mailguard feature didn't support "ESMTP", which these Exchange servers are using. I thought I had found the problem until I did a little bit more digging and found that this was fixed in IOS 5.2(2) and later with the new support of RFC 1869 for SMTP Service Extensions. So this shouldn't be an issue. The thing that is throwing me off is that A.) Inbound email to Server 1 has no problem. B.) The server admin setup a test servers and both inbound and outbound traffic worked fine through the PIX. C.) Server 2 isn't having any problems getting through the FW. Now here is the kicker...D.) When I disabled "Mailguard" everything is said to be working normally!! I might be paranoid, but I'm starting to think the Exchange guys made some changes on Server 1 and are trying to lead me to believe that it was my FW, but I'm having a hard time dealing with that. The whole denial thing of nothing ever going wrong with Cisco :-|, and the fact that I wasn't involved in the final stage of the troubleshooting. I don't trust many people. Anywayif anyone has ever run into this problem or something similar I would like to hear your story. TIA for all and any responses to my incoherent pleas for mercy! Eric _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Wierd PIX issue - Long
I have PIX 515 w/5.3(1) IOS running and I ran into a problem with SMTP connectivity between two Exchange servers. I have the FW opened up to allow SMTP between Server 1 and Server 2 and everything seemed okay. Now here is the freaky problem. Server 1 receives inbound email just fine, but its outbound email to Server 2 will sit in the queue for a random amount of time before being sent. I hooked up a Sniffer between Server 1 and the FW and the majority of the traffic between the two servers showed "No Response". When I decoded the traffic it looked like Server 1 was sending a reset (RSET) to Server 2 and that is what was causing the problem. After some research on CCO I found an incompatibility with older PIX IOS versions and the "Mailguard" feature. It seems that the Mailguard feature didn't support "ESMTP", which these Exchange servers are using. I thought I had found the problem until I did a little bit more digging and found that this was fixed in IOS 5.2(2) and later with the new support of RFC 1869 for SMTP Service Extensions. So this shouldn't be an issue. The thing that is throwing me off is that A.) Inbound email to Server 1 has no problem. B.) The server admin setup a test servers and both inbound and outbound traffic worked fine through the PIX. C.) Server 2 isn't having any problems getting through the FW. Now here is the kicker...D.) When I disabled "Mailguard" everything is said to be working normally!! I might be paranoid, but I'm starting to think the Exchange guys made some changes on Server 1 and are trying to lead me to believe that it was my FW, but I'm having a hard time dealing with that. The whole denial thing of nothing ever going wrong with Cisco :-|, and the fact that I wasn't involved in the final stage of the troubleshooting. I don't trust many people. Anywayif anyone has ever run into this problem or something similar I would like to hear your story. TIA for all and any responses to my incoherent pleas for mercy! Eric _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Wierd PIX issue - Long
Eric, I ran in the exactly same problem as you were having. And 'no fixup smtp 25' was the fix. -Frank On Wed, 21 Mar 2001, Eric McMasters wrote: I have PIX 515 w/5.3(1) IOS running and I ran into a problem with SMTP connectivity between two Exchange servers. I have the FW opened up to allow SMTP between Server 1 and Server 2 and everything seemed okay. Now here is the freaky problem. Server 1 receives inbound email just fine, but its outbound email to Server 2 will sit in the queue for a random amount of time before being sent. I hooked up a Sniffer between Server 1 and the FW and the majority of the traffic between the two servers showed "No Response". When I decoded the traffic it looked like Server 1 was sending a reset (RSET) to Server 2 and that is what was causing the problem. After some research on CCO I found an incompatibility with older PIX IOS versions and the "Mailguard" feature. It seems that the Mailguard feature didn't support "ESMTP", which these Exchange servers are using. I thought I had found the problem until I did a little bit more digging and found that this was fixed in IOS 5.2(2) and later with the new support of RFC 1869 for SMTP Service Extensions. So this shouldn't be an issue. The thing that is throwing me off is that A.) Inbound email to Server 1 has no problem. B.) The server admin setup a test servers and both inbound and outbound traffic worked fine through the PIX. C.) Server 2 isn't having any problems getting through the FW. Now here is the kicker...D.) When I disabled "Mailguard" everything is said to be working normally!! I might be paranoid, but I'm starting to think the Exchange guys made some changes on Server 1 and are trying to lead me to believe that it was my FW, but I'm having a hard time dealing with that. The whole denial thing of nothing ever going wrong with Cisco :-|, and the fact that I wasn't involved in the final stage of the troubleshooting. I don't trust many people. Anywayif anyone has ever run into this problem or something similar I would like to hear your story. TIA for all and any responses to my incoherent pleas for mercy! Eric _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
