Re: SMTP Telnet response from exhange server behind PIX

stevem · ‎11-08-2004

I just added smtp commands to my PIX with an exhcange server behind it. Originally I tried testing this by doing a telnet from a remote PC. telent 24.x.x.x smtp

to see if it would go through. The response I got was an encrypted/jumbled message like this: 220 ************************************

***********2**0*2********

Although my exchange mail is working fine (so it is not a big deal) I just wanted to know if this was something that the PIX does by default and why? Thanks.

gfullage · ‎11-08-2004

Yes, the PIX is adding all the asterisks to mask the type of mail server you have, it's part of the SMTP "fixup" within the PIX.

If this is an exchange server you may want to turn this off, since the fixup will only (currently) allow SMTP to work through to your server, not ESMTP (it limits the commands that are allowed to pass through). Most people using Exchange want to use ESMTP for its added functionality, and so you have to turn the fixup off. Of course you lose some protection of your SMTP server but if it up to date with patches, etc, then you should be fine.

To turn the fixup off do the following:

no fixup protocol smtp 25

See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/df.htm#wp1067379 for more details on the fixup's.

stevem · ‎11-09-2004

Greg, thanks so much explaining this. Great help!!!

sm