Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2269
Views
0
Helpful
4
Replies

PIX525 disable smtp inspection problem

pjbcaeiro
Level 1
Level 1

‎05-31-2013 02:22 AM - edited ‎03-11-2019 06:51 PM

Hello,

PIX525 OS 6.3

I´m configuring a service of mail relay in my network, but i cant send mail's outside my network.

In telnet to my relay server outside and i recieve the 220*********************************** message.

I already have the "no fixup protocol smtp 25" command on pix but the result of telnet is still the same.

on command line

PIX525# show fixup protocol smtp

no fixup protocol smtp 25

what could be the problem?

Thanks in advance

Paulo

Labels:
0 Helpful
4 Replies 4

Jouni Forss
VIP Alumni
VIP Alumni

‎05-31-2013 02:32 AM

Hi,

Doesnt the code 220 imply that you get in return to the telnet that the SMTP server responded and port TCP/25 is open?

- Jouni

0 Helpful

pjbcaeiro
Level 1
Level 1
In response to Jouni Forss

‎05-31-2013 02:39 AM

Hi,

it's my first time with a pix firewall but my question is related to this lines i have read

"

As of Version 5.1 and higher, the fixup protocol  smtp command changes the characters in the server SMTP banner to  asterisks except for the "2", "0", "0" characters. Carriage return (CR)  and linefeed (LF) characters are ignored. PIX Firewall Version 4.4  converts all characters in the SMTP banner to asterisks. "

in :

http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/fixup.html#wp1103507

can you confirm that?

Thanks

0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni
In response to pjbcaeiro

‎05-31-2013 02:49 AM

Hi,

We dont have any devices running such an old software level.

Our firewalls with ESMTP inspection dont return a banner with all "*" if that is your question.

- Jouni

0 Helpful

pjbcaeiro
Level 1
Level 1
In response to Jouni Forss

‎05-31-2013 03:07 AM

Ok, let me try to explain,

My PIX SO it's 6.3

Wend i try to send a mail outside with mail relay with postfix i get this log from mail server

" < outbound-relay-in.ptprime.pt[62.28.164.245]:25: 220 ***************************************

postfix/smtp[6266]: name_mask: disable_esmtp

correio postfix/smtp[6266]: name_mask: delay_dotcrlf

correio postfix/smtp[6266]: B648127C2466: enabling PIX workarounds: disable_esmtp delay_dotcrlf for outbound-relay-in.ptprime.pt[62.28.164.245]:25

......."

For what i have read in other posts if i disable smtp inspection i will not have this problem anymore.

The relay server should answer with the smtp banner with no "***"

Is this right?

Thanks,

Paulo

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card