Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
314
Views
0
Helpful
1
Replies

PIX cannot give access to outlook Express

chrishudson
Level 1
Level 1

‎10-28-2004 04:23 PM - edited ‎02-20-2020 11:42 PM

Hi

I configured PIX with Port redirection to the mail server(MS Exchange) Now from the remote site while I am trying to access my mail by using outlook Express ,I can receive mails but I am unable to send mail.When I disabled mail guard in PIX ,the problem was solved.Is it a security threat ?

Chris

0 Helpful
1 Reply 1

Patrick Iseli
Level 7
Level 7

‎10-28-2004 04:40 PM

Could be a threat. You have public accessable Mail Server that has probably POP and SMTP open. If your Exchange is not correctly patched and configured it could be compromised and an attcker could have access to this server.....

What does the mailguard do:

The PIX Software Mailguard feature sanitizes SMTP traffic. For PIX Software versions 4.0 and 4.1, the mailhost command is used to configure Mailguard. In PIX Software versions 4.2 and later, the command has been changed to fixup protocol smtp 25. The static and conduit statements are also required for your mail server.

When configured, Mailguard allows only the seven SMTP minimum-required commands as described in Section 4.5.1 of RFC 821 leavingcisco.com. These seven minimum-required commands are HELO, MAIL, RCPT, DATA, RSET, NOOP, and QUIT. Other commands, such as KILL, WIZ, and so forth, are intercepted by the PIX and they are never sent to the mail server on the inside of your network. The PIX responds with an "OK" to even denied commands, so attackers do not know that their attempts are being thwarted.

Testing the PIX Firewall Mailguard Feature:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800b2ecb.shtml

Final word: I mean still the server even with the mailgurd feature is exposed to the internet. But the attacker need to find an exploit or buffer overflow to exploit it. So agin Patch your system and configure it right. Use POP with SSL/TLS = POPS instead of clear text passwords that travels to the internet.

sincerely

Patrick

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card