Re: asterisks in smtp banner

2010-02-15 Thread Eero Volotinen
2010/2/15 Serge Fonville serge.fonvi...@gmail.com:
 Hi,

 I noticed with a couple of mail servers that the smtp greeting
 contains 220 followed by a lot of asterisks.
 When I do a check using mxtoolbox I get Warning - Reverse DNS does
 not match SMTP Banner

 How do I assure that the normal text is displayed instead of the asterisks?

Well, ask the administrator of the network to disable the Cisco SMTP fixup?

--
Eero
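
A way to check a captured greeting for this symptom, as an added example that is not part of the original thread: it parses the SMTP greeting, flags a banner that is mostly asterisks, and otherwise compares the banner hostname with the reverse-DNS name. The function names, the 0.8 threshold, the exact-match comparison and the sample banners are assumptions constructed for illustration.

```python
import re

# SMTP reply line: 3-digit code, '-' (more lines follow) or ' ' (last line), text.
REPLY_RE = re.compile(r"^(\d{3})([ -])(.*)$")

# Constructed sample greetings (not captured from any real server).
MASKED = b"220 ****************************************\r\n"
CLEAN = b"220 mail.example.org ESMTP Postfix\r\n"
MULTI = b"220-mail.example.org ESMTP\r\n220 second line\r\n"

def parse_greeting(raw: bytes):
    """Return (code, [text lines]) for a possibly multi-line SMTP greeting."""
    code, texts = None, []
    for line in raw.decode("ascii", "replace").splitlines():
        m = REPLY_RE.match(line)
        if not m:
            raise ValueError(f"not an SMTP reply line: {line!r}")
        if code is not None and m.group(1) != code:
            raise ValueError("reply code changes within greeting")
        code = m.group(1)
        texts.append(m.group(3))
        if m.group(2) == " ":  # a space after the code marks the final line
            break
    if code is None:
        raise ValueError("empty greeting")
    return code, texts

def check_banner(raw: bytes, ptr_name: str, mask_ratio: float = 0.8):
    """Classify a greeting as 'masked', 'mismatch', 'ok' or 'not-ready'.

    ptr_name is the reverse-DNS name of the server's IP, looked up separately.
    The hostname comparison is a plain case-insensitive exact match (assumption).
    """
    code, texts = parse_greeting(raw)
    if code != "220":
        return "not-ready"
    first = texts[0]
    # A banner rewritten by an inspecting firewall is almost entirely '*'.
    if first and first.count("*") / len(first) >= mask_ratio:
        return "masked"
    host = first.split(" ", 1)[0].rstrip(".").lower()
    return "ok" if host == ptr_name.rstrip(".").lower() else "mismatch"

if __name__ == "__main__":
    for sample in (MASKED, CLEAN, MULTI):
        print(sample, "->", check_banner(sample, "mail.example.org"))
```

A "masked" result points at a device in the path rewriting the banner, on either side of the connection, rather than at the mail server's own configuration.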


Re: asterisks in smtp banner

2010-02-15 Thread Eero Volotinen
2010/2/15 Serge Fonville serge.fonvi...@gmail.com:
 Thanks for the replies

 How do I assure that the normal text is displayed instead of the asterisks?

 Well, ask the administrator of the network to disable the Cisco SMTP fixup?
 Turn off the SMTP protocol fixup in the Pix.

 I also found that as a solution.
 Unfortunately there is no pix in between.

 Only an ASA.
 I also found it might be related to inspect on ASAs, but again this is
 not enabled.

http://www.binarywar.com/2009/11/cisco-pixasa-causes-smtp-banner-corruption/

Note that the other end might also use a Cisco ASA or PIX before the mail server.

--
Eero


Re: asterisks in smtp banner

2010-02-15 Thread Serge Fonville
Thanks for the reply

 How do I assure that the normal text is displayed instead of the asterisks?

 Well, ask the administrator of the network to disable the Cisco SMTP fixup?
 Turn off the SMTP protocol fixup in the Pix.

 I also found that as a solution.
 Unfortunately there is no pix in between.

 Only an ASA.
 I also found it might be related to inspect on ASAs, but again this is
 not enabled.

 http://www.binarywar.com/2009/11/cisco-pixasa-causes-smtp-banner-corruption/

 Note that the other end might also use a Cisco ASA or PIX before the mail server.

Yes, I thought of that right after I clicked send.

Thanks all

Regards,

Serge Fonville

-- 
http://www.sergefonville.nl

Convince Google!!
They need to support Adsense over SSL
https://www.google.com/adsense/support/bin/answer.py?hl=enanswer=10528
http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923hl=en


Re: asterisks in smtp banner

2010-02-15 Thread ram

On Mon, 2010-02-15 at 11:45 +0100, Ralf Hildebrandt wrote:
 * Serge Fonville serge.fonvi...@gmail.com:
  Hi,
  
  I noticed with a couple of mail servers that the smtp greeting
  contains 220 followed by a lot of asterisks.
 
 CISCO PIX.
 
  When I do a check using mxtoolbox I get Warning - Reverse DNS does
  not match SMTP Banner
  
  How do I assure that the normal text is displayed instead of the asterisks?
 
 Disable the smtp protocol fixup feature in the PIX.
 

Can someone share a good reference that says that smtp-protocol-fixup
can be safely disabled without compromising the security?

Apparently the Cisco guys themselves don't own up to their bug and they
say disabling anything is at one's own risk.

That is enough to get the boot from the (so-called!) security team.


Re: asterisks in smtp banner

2010-02-15 Thread Eero Volotinen
 Can someone share a good reference that says that smtp-protocol-fixup
 can be safely disabled without compromising the security?

 Apparently the Cisco guys themselves don't own up to their bug and they
 say disabling anything is at one's own risk.

 That is enough to get the boot from the (so-called!) security team.

Well, I think this SMTP fixup is designed to protect poor SMTP servers
like Microsoft Exchange? Or poorly configured SMTP servers.

Anyway, it looks like the Cisco SMTP fixup contains a lot of bugs, like:

http://www.arschkrebs.de/postfix/postfix_cisco_pix_bugs.shtml
http://blogs.oucs.ox.ac.uk/networks/2009/11/26/cisco-firewall-smtp-fixup-considered-harmful/

--
Eero


Re: asterisks in smtp banner

2010-02-15 Thread Vladimir Vassiliev
There are good explanations here:
http://groups.google.com/group/comp.dcom.sys.cisco/browse_frm/thread/ee1c9bc0180cacad/8e679e9c420395dc?tvc=1q=smtp%20fixup%20cisco%20sendmail

-- 
Vladimir Vassiliev v...@edu.yar.ru


Re: asterisks in smtp banner

2010-02-15 Thread Ralf Hildebrandt
* ram r...@netcore.co.in:

 Can someone share a good reference that says that smtp-protocol-fixup
 can be safely disabled without compromising the security?
 
 Apparently the Cisco guys themselves don't own up to their bug and they
 say disabling anything is at one's own risk.

Of course ALL changes are at one's own risk.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de