07-23-2008 11:08 AM - edited 03-11-2019 06:19 AM
515E
I am in the process of setting up an in house mail server. In so I have setup smtp, pop3, and imap to pass to my mail server.
for some reason when I do the telnet test for 25 from an outside location, the 515E returns the 220 and not my mail server. pop3 and imap seem to work fine
any ideas what could be blocking my 25
thanks
mark
07-23-2008 11:56 AM
what software version of the PIX do you have?
07-23-2008 12:07 PM
Hello Mark,
"the 515E returns the 220 and not my mail server"
I dont know a reply type of "220" from PIX firewall. If you telnet 25 to the IP and get any kind of screen (either blank or some output) other than "Could not open connection to the host" Connect failed or timeout, that means the port is open.
By the way, exchange server reply to a telnet to port 25 starts with 220. Here is one of them
"220 xxxx.xxxx.xxx Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at
Wed, 23 Jul 2008 23:09:19 +0300 "
Or sometimes just 220 and some ASCII chars like ######## or so.
If you post your sanitized config, we would help better.
Also make sure that you configued your SMTP Connector in Exchange server
Regards
07-23-2008 12:31 PM
You probably also want to turnoff fixup for smtp. We run a 515e and E2K and have it off. It's my understanding that MS has a problem with that.
07-23-2008 12:43 PM
when I do the telnet 25 from an outside location I get one of 2 returns
220 ####### - I am told this is the 515e responding
or nothing
07-23-2008 12:39 PM
Guessing old, I inherited this when I started this job.
version 6.3(5) does that sound right?
07-23-2008 12:48 PM
In this case I advise you to turn off smtp fixup.
07-23-2008 05:04 PM
Mark,
"220 ####### - I am told this is the 515e responding"
Inspection is replacing the starttls echo-reply with ## sometimes ** . Most mail servers work in this case, but your mail server may not be able to establish connection with some mail servers.
Following are the necessary commands to correct that
policy-map type inspect esmtp esmtp_map
parameters
no mask-banner
policy-map global_policy
class inspection_default
inspect esmtp esmtp_map
But this is available in code 7.2 or higher. I dont know an equivalant for 6.3 code and I assume it does not exist.
Better upgrade your IOS or remove the fixup as suggested.
Regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide