https://community.cisco.com/t5/network-security/pix-6-1-fixup-protocol-smtp-command-help-requested/m-p/54222#M670755 <P>Hi,</P><P>When I institute a fixup protocol smtp 25 on my pix 515/6.1, I can no longer</P><P>telnet to my smtp server and perform a sample smtp conversation</P><P></P><P>I have the pix's external interface as the global PAT/NAT address, and it is port forwarding smtp to an internal server.</P><P></P><P>When fixup protocol smtp is off, I can telnet in to the smtp server just fine, so the port forwarding is working, and the access list is as well.</P><P></P><P>However, when I turn on fixup protocol smtp 25, I get the banner with the characters rewritten with asterisks, but it doesn't respond to any of the commands I issue, including valid ones.</P><P></P><P>Any ideas?</P><P></P><P>Thanks</P> Fri, 21 Feb 2020 06:02:47 GMT jljamison 2020-02-21T06:02:47Z https://community.cisco.com/t5/network-security/pix-6-1-fixup-protocol-smtp-command-help-requested/m-p/54222#M670755 <P>Hi,</P><P>When I institute a fixup protocol smtp 25 on my pix 515/6.1, I can no longer</P><P>telnet to my smtp server and perform a sample smtp conversation</P><P></P><P>I have the pix's external interface as the global PAT/NAT address, and it is port forwarding smtp to an internal server.</P><P></P><P>When fixup protocol smtp is off, I can telnet in to the smtp server just fine, so the port forwarding is working, and the access list is as well.</P><P></P><P>However, when I turn on fixup protocol smtp 25, I get the banner with the characters rewritten with asterisks, but it doesn't respond to any of the commands I issue, including valid ones.</P><P></P><P>Any ideas?</P><P></P><P>Thanks</P> Fri, 21 Feb 2020 06:02:47 GMT https://community.cisco.com/t5/network-security/pix-6-1-fixup-protocol-smtp-command-help-requested/m-p/54222#M670755 jljamison 2020-02-21T06:02:47Z https://community.cisco.com/t5/network-security/pix-6-1-fixup-protocol-smtp-command-help-requested/m-p/54223#M670772 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>The idea with smtp fixup is to restrict the protocols command set to RFC compliant commands. Your questions really depends on what it is you are trying to accomplish by telneting to your smtp host from the outside and what commands you are running on the mailer service.</P><P></P><P>The fixup works to hide the type of smtp service that is presented to the outside world by removing or replacing the smtp banner that is displayed when telneting to port 25. If you are able to telnet to that port from the outside, than as far as the smtp service is concerned the outside world will be able to establish RFC compliant connections to your smtp host.</P><P></P><P>Hope this helps....</P><P></P><P>Jason Parrish</P><P><A href="mailto:jparrish@rightsys.com">jparrish@rightsys.com</A></P><P></P></BODY></HTML> Thu, 02 May 2002 06:21:26 GMT https://community.cisco.com/t5/network-security/pix-6-1-fixup-protocol-smtp-command-help-requested/m-p/54223#M670772 jparrishrsi 2002-05-02T06:21:26Z https://community.cisco.com/t5/network-security/pix-6-1-fixup-protocol-smtp-command-help-requested/m-p/54224#M670820 <HTML><HEAD></HEAD><BODY><P>hi Jason,</P><P>Thanks for the reply. I am attempting to do a basic SMTP conversation - e.g.</P><P>HELO fromdomain.com</P><P>MAIL From:&lt;<A href="mailto:somebody@somedomain.com">somebody@somedomain.com</A>&gt;</P><P>RCPT To:&lt;<A href="mailto:user@insidedomain.com">user@insidedomain.com</A>&gt;</P><P>DATA</P><P>now is the time for all good men...</P><P>.</P><P>QUIT</P><P>----------</P><P>However basically nothing happens after the substituted banner output. I am concerned that if I turn the fixup command on for protocol SMTP that inbound mail will get stuck. I was hoping to verify the SMTP protocol manually before turning it over.</P><P>-John</P></BODY></HTML> Thu, 02 May 2002 17:02:16 GMT https://community.cisco.com/t5/network-security/pix-6-1-fixup-protocol-smtp-command-help-requested/m-p/54224#M670820 jljamison 2002-05-02T17:02:16Z https://community.cisco.com/t5/network-security/pix-6-1-fixup-protocol-smtp-command-help-requested/m-p/54225#M670846 <HTML><HEAD></HEAD><BODY><P>I had the exact same problem. I had to turn mail guard off because mail wasn't coming in.</P></BODY></HTML> Thu, 02 May 2002 20:30:27 GMT https://community.cisco.com/t5/network-security/pix-6-1-fixup-protocol-smtp-command-help-requested/m-p/54225#M670846 bz 2002-05-02T20:30:27Z https://community.cisco.com/t5/network-security/pix-6-1-fixup-protocol-smtp-command-help-requested/m-p/54226#M670874 <HTML><HEAD></HEAD><BODY><P>RESOLUTION</P><P></P><P>It appears that the SMTP traffic flows correctly with the fixup protocol smtp 25 command turned on, even though after doing so you cannot telnet to port 25 through the pix and perform a test SMTP dialogue</P><P></P><P>-John</P></BODY></HTML> Wed, 08 May 2002 20:07:41 GMT https://community.cisco.com/t5/network-security/pix-6-1-fixup-protocol-smtp-command-help-requested/m-p/54226#M670874 jljamison 2002-05-08T20:07:41Z