03-16-2006 01:37 PM - edited 02-21-2020 12:46 AM
When I telnet (in or out) to a mailserver (using port 25) the response is:
220-*******************
and all commands come back as "Invalid Command"
When I put the old (non-pix) firewall back in, this doesn't happen (the responses are complete and commands work fine.)
A lot of email is coming and going, but some email servers can't send us email.
Is this common for a mis-configuration and where should I look?
Thanks,
Mark
03-16-2006 02:17 PM
Remove the fixup protocol smtp 25!
command to execute:
no fixup protocol smtp
Details about that:
The fixup protocol smtp command enables the Mail Guard feature, which only lets mail servers receive the RFC 821, section 4.5.1, commands of HELO, MAIL, RCPT, DATA, RSET, NOOP, and QUIT. All other commands are translated into X's which are rejected by the internal server. This results in a message such as "500 Command unknown: 'XXX'." Incomplete commands are discarded.
Note: During an interactive SMTP session, various SMTP security rules may reject or deadlock your Telnet session. These rules include the following: SMTP commands must be at least four characters in length; must be terminated with carriage return and line feed; and must wait for a response before issuing the next reply.
As of PIX Firewall software Version 5.1 and higher, the fixup protocol smtp command changes the characters in the SMTP banner to asterisks except for the "2", "0", "0 " characters. Carriage return (CR) and linefeed (LF) characters are ignored.
In PIX Firewall software Version 4.4, all characters in the SMTP banner are converted to asterisks.
Reference:
Sincerely,
Patrick
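The two Mail Guard symptoms described in the answer above (a greeting rewritten to asterisks, and commands outside the RFC 821 minimum set being rejected) can be checked for in a saved telnet session. The following is an added example, not part of the original posts; the function names, verdict strings and sample transcripts are constructed for illustration.

```python
import re

# Verbs the answer lists as the only ones Mail Guard passes (RFC 821, 4.5.1).
ALLOWED_VERBS = {"HELO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}

def banner_is_masked(banner: str) -> bool:
    """True if a 220 greeting has been rewritten to asterisks.

    Assumes the reply code itself survives, as in the output quoted in the
    question. Only '*', '2', '0' and spaces may remain after it.
    """
    m = re.match(r"^220[ -](.*)$", banner.rstrip("\r\n"))
    if not m:
        return False
    text = m.group(1)
    return text.count("*") >= 5 and set(text) <= set("*20 ")

def diagnose(transcript):
    """transcript: list of (command or None for the greeting, first reply line).

    Returns (verdict, findings). A masked banner is the strong signal; a
    rejected extended verb alone may just be an old mail server.
    """
    masked, rejected = False, []
    for command, reply in transcript:
        if command is None:
            masked = masked or banner_is_masked(reply)
            continue
        verb = command.split(" ", 1)[0].upper()
        if verb not in ALLOWED_VERBS and reply.startswith("5"):
            rejected.append(f"{verb} -> {reply[:3]}")
    if masked:
        return "likely", rejected
    return ("possible" if rejected else "no sign"), rejected

# Constructed sample sessions (not captured from real hosts).
SAMPLE_INSPECTED = [
    (None, "220-*******************"),
    ("EHLO client.example.net", "500 Command unknown: 'XXX'"),
]
SAMPLE_DIRECT = [
    (None, "220 mail.example.org ESMTP ready"),
    ("EHLO client.example.net", "250-mail.example.org"),
]

if __name__ == "__main__":
    for name, t in (("inspected", SAMPLE_INSPECTED), ("direct", SAMPLE_DIRECT)):
        print(name, diagnose(t))
```

Comparing the same session taken from inside and outside the firewall shows whether the rewriting happens in the path or at the mail server itself.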
03-16-2006 02:43 PM
Thanks, Patrick.
I'll give that a try. I might not get to test it until early next week because of other issues, but I'll mark this guy fixed if that takes care of it.
Mark
03-24-2006 01:54 PM
That did it. Thanks! I was actually experiencing two problems. There is a local school that couldn't get email to us, but it seems that they are getting blacklisted by several ISPs and are finding it very difficult to get their email delivered. This didn't fix that problem, but we seem to get everyone else, including the spammers!
Mark