02-20-2006 01:52 PM - edited 03-03-2019 01:55 AM
Hi guys,
I've just installed a 837 at restaurant. The client checks his e-mail via outlook. He can receive e-mail but gets errors when trying to send. Any ideas. Everything else works great.
Thanks in advance.
02-20-2006 04:36 PM
Hello,
Is the client using POP3 for receiving and SMTP for sending? The servers and login credentials are correctly defined within the Outlook client? You're not blocking either mail protocols on the 837 with an ACL or inspection rule?
Hope this helps.
Regards,
James
02-20-2006 07:53 PM
Sean
I think James has pointed at several interesting possible issues. If you can post the configuration of the router we would be much better able to spot the problem.
HTH
Rick
02-21-2006 12:08 AM
Had a similar kind of problem while changing ISP's.
His ISP might require a dynamic address from their own pool for sending mail due to the large increase in the amount of spam being sent worldwide.
Try using the old dial up connection and checking if the SMTP works. If it does work then you will have to avail of the smtp server service from the new isp to which you have connected the router to and make sure you specify the return email address in outlook options!
Hope this helps!
Arvind
02-21-2006 01:13 AM
Hi Sean,
One or two things to try here. First telnet the smtp server to see if you can establish a socket connection to it. so..... telnet smtp.ispdomain.com 25
don't forget the spaces. you shoul get something like 220 mail.ispdomain.com esmtp
if you don't get a reply then something is amiss.
also. i remember an issuse with adsl boxes like the 837 that if you did not set the mtu's on interfaces correctly certain websites would not work i.e. hotmail.com and there was a problem with pop and smtp. the commands are.
interface Ethernet0
ip tcp adjust-mss 1452
!
!
interface Dialer0
ip mtu 1492
!
Add these in and see if it makes a difference.
Cheers
Steve
02-21-2006 02:10 AM
See if you have stmp inspection configured and if so try these aproaches :
1 - configure estmp inspection -
ip inspect name FW estmp
2 - if you don't have estmp inspection remove the smtp inspection
no ip inspect name FW stmp
Please notice that FW is a generic name and in your config it can be referred by another name
02-21-2006 02:57 AM
This was exactly aproblem I had when BT (UK) implemented SMTP Authentication. The firewall rules had been configured for SMTP inspection and was working fine - the day BT implemented the change I could receive email (POP3) but couldn't send any. The IOS I was running at the time didn't have support for ESMTP so I disabled the inbound SMTP inspection rule and relied on the TCP rule.
I recently upgraded the IOS to 12.3T and ESMTP is available. I have enabled the ESMTP rule and all is well.
HTH
Andy
02-22-2006 06:03 AM
Hi Guys,
The guru in our office that configured this router
says that he cannot figure out why we cannot send e-mail via outlook. I put the old router and cable modem back in at the site and we could send and receive e-mail via outlook fine. ( PPOE setup )
Put the Cisco back in and no luck.
This is the config file. If anybody can point me in the right direction to make the change I will try it at the site. We are using port 4 (10.100.100.1)to connect to a linksys for public internet access. He is behind the 192.168.100.xxx subnet.
Hope this helps.
Thanks in advance.
ip virtual-reassembly
ip tcp adjust-mss 1452
hold-queue 100 out
!
interface Ethernet2
ip address 10.100.100.1 255.255.255.0
ip access-group 106 in
ip nat inside
ip virtual-reassembly
no cdp enable
hold-queue 100 out
!
interface ATM0
no ip address
atm vc-per-vp 256
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
interface Dialer1
description ip address negotiated
ip address negotiated
ip access-group 111 in
ip mtu 1492
ip nat outside
ip inspect myfw out
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXX@ameritech.net
ppp chap password xxx
ppp pap sent-username XXXXX@ameritech.net password xxxx
ppp ipcp dns request
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
no ip http secure-server
!
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static tcp 192.168.100.250 5631 interface Dialer1 5631
ip nat inside source static udp 192.168.100.250 5632 interface Dialer1 5632
!
access-list 102 permit ip 192.168.100.0 0.0.0.255 any
access-list 102 permit ip 10.100.100.0 0.0.0.255 any
access-list 105 deny ip 192.168.100.0 0.0.0.255 10.100.100.0 0.0.0.255
access-list 105 permit ip any any
access-list 106 deny ip 10.100.100.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 106 permit ip any any
access-list 111 permit udp any any eq 5632
access-list 111 permit tcp any any eq 5631
access-list 111 permit tcp any any eq telnet
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny ip any any
dialer-list 1 protocol ip permit
!
!
control-plane
!
!
line con 0
exec-timeout 120 0
modem enable
stopbits 1
line aux 0
modem InOut
modem autoconfigure type usr_sportster
stopbits 1
speed 19200
flowcontrol hardware
line vty 0 4
exec-timeout 120 0
login local
length 0
!
scheduler max-task-time 5000
end
02-22-2006 06:28 AM
I had the exact same issue at home for ages.
Having gone around through everything I eventually discovered that if you turn OFF the IP inspect for ESMTP then it works fine.
I've had this happen more than once on multiple firewalls and routers and this is definately the fix
02-22-2006 09:03 AM
Sean
I have looked through the config and there are several things that I do not understand (and which may or may not be related to the problem that you describe). Perhaps you can clarify these aspects:
- in your text you say "We are using port 4 (10.100.100.1)to connect to a linksys for public internet access" but that address is on Ethernet 2 and is clearly the inside interface.
- you say that the user is on network/subnet 192.168.100.0, and that address range is mentioned in the access list for PAT/NAT and the inbound access list on interface Ethernet 2, but I can not tell where that network/subnet is. It is not a connected interface and there is no static route to it, so it looks to me like it would be out the static default route out the dialer.
- the inbound access list on the dialer interface has permit statement for ISAKMP, ESP, and GRE but I am not seeing those configured on the router.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide