Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1977
Views
0
Helpful
3
Replies

Telnet 25 fails

slicciardola
Level 1
Level 1

‎09-07-2020 01:03 AM

Hi All,

we've got 2 cisco esa c600v on a cluster and if i telnet port 25 i've got the smtp wellcome banner and everything related, we've also a test appliance, same network, same firewall rules, with an outbound listener configured listening on port 25, but if i do telnet on this last one i do not have the wellcome banner but only cmd black screen, as it is connected but the ESA is rejecting or closing this connection in some way.

Could someone please give me an advice?

Thanks

Salvatore

 
Labels:
0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎09-07-2020 01:24 AM

Couple things not clear ?

 

1. what is the IP address of Test ESA, ?

2. is ESA lconfigured to listen port 25., check on the ESA

Confirm what port your listener is configured on for your ESA from Network > Listeners on the GUI, or listenerconfig on the CLI.

3. check is ther any way you can test from same network (by pass Firewall ?).

4. what you see on FW when you intiate the telnet ESAIP 25 ? do you see the request coming to FW and allowed ?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

slicciardola
Level 1
Level 1
In response to balaji.bandi

‎09-07-2020 02:43 AM

Hi,

ok, i try to clarify:

1. we try to telnet to the outbound (not management) ip of the ESA which has a listener correctly configured on listening port 25

2. i do a test telnetting itself and it is working

3. on firewall logs we have "server reset" from the appliance

Thanks

Salvatore

0 Helpful

crengifo
Cisco Employee
Cisco Employee
In response to slicciardola

‎09-07-2020 03:19 PM

Hello Salvatore,

 

I have some quick questions, is that a private listener where you're trying to connect and somehow the connection is being rejected? If so, you may need to track the connection on the mail_logs and see what's the sender group where the connection is hitting. By default, when you create a new private listener, the RELAYLIST gets created  and there's also another sender group by default, it's called "ALL" which some times is associated to the "REJECTED" mail flow policy, meaning that connections that does not hit the RELAYLIST sender group will fall into the ALL sender group and hence, they will be rejected.

 

Anyways, tracking the connection attempt on the mail_logs will help you determine the reason why you're not able to connect.

 

I'm attentive to any comments.

 

Regards,

Cristian Rengifo

0 Helpful
Customers Also Viewed These Support Documents