Sending E-mail slow through PIX 501

csuser · ‎12-03-2003

After installing a PIX 501 Firewall at a client, they are complaining that when they send e-mail from Outlook Express 6 that a message displays for 30 - 60 seconds stating that is Connecting to the Server. The e-mail does send correctly after this delay. This happens on all PC's behind the firewall and for all sizes of e-mails. Before the Firewall, everything was fine. E-mails sent instantaneously.

Does anyone know what may be happening?

gfullage · ‎12-03-2003

Do you have the SMTP fixup turned on in the PIX. This will stop the ESMTP and could be causing the delay you're seeing (as Outlook times out waiting then tries just standard SMTP). Do the following (if you haven't already):

no fixup protocol smtp 25

and see how that goes.

csuser · ‎12-04-2003

Hi,

Thanks for the reply.

It seemed to help some. By this I mean that the e-mail seems to be taking less than 30 seconds now but it still doesn't send instantaneously.

Any other ideas?

rgrcommo · ‎12-04-2003

Is your PIX filtering smtp port 113 traffic?

The smtp server will sometimes send a request to the user to identify himself. The request uses IDENT service running on port 113. If you have not explicitly allowed this traffic the PIX will deny it and the connection will be either very slow or timeout - you can either allow this 113 on the PIX or turn off IDENT on the smtp server.

using the fixup smtp command will allow: HELO, MAIL, RCPT, DATA, RSET, NOOP, and QUIT to pass thru.

Hope this helps.

Jeff

bmuha · ‎12-04-2003

may want to try this also

service resetinbound

--Brian