Re: FW IOS outlook express

ggarza · ‎06-13-2004

I am using fw ios on 1721 router using sample standard config from cisco. When I try to send an email i get authentication failed secure ssl port 25 error. My outlook is configured correctly. Only if I remove the inspect and acl from the interfaces I can send the email.

3gleister · ‎06-17-2004

My guess is that you 're not using standard smtp commands and that is why it's failing. The inspection allows 7 basic smtp commands through the firewall. by using authentication, this is not one of them. Remove just the inspect for smtp and reapply the acl and see what happens. This is common in Pix software., removing the fixup protocol smtp 25 command for users that need to authenticate for mail.

Good luck

srganote1 · ‎07-23-2004

I am using ios firewall on a 2620 router. Firewall was configured using ConfigMaker v2.6. I allow the internet to access http(80), pop3(110), and smtp(25) on my mail server. When using Outlook Express from an outside connection I cannot send email. I get the "550 5.7.1 Unable to relay for ... server error 550, error number: 0x800ccc79". Is there something else I need to open/allow?

aathomas · ‎07-25-2004

Without seeing your config or knowing your network topology it could be anything.

But If I were you I would use the CLI to enable a JAVA access-list under the global "IP inspect http" command and map it to a permit all access-list .

I found I needed to do this on a 1401 for certain websites AND Outlook express to work.

Not exactly well documented though.

i.e :-

!

ip inspect name ethernetin ftp

ip inspect name ethernetin realaudio

ip inspect name ethernetin smtp

ip inspect name ethernetin streamworks

ip inspect name ethernetin tcp

ip inspect name ethernetin tftp

ip inspect name ethernetin udp

ip inspect name ethernetin http java-list 99

!

access-list 99 remark ***JAVA Filter***

access-list 99 permit any log

!

jeff.bankston · ‎07-26-2004

sounds like you need to permit your mail server to relay mail from wherever you're sending it, the error message indicates a problem accepting mail from your end. ALso, if you're using the smtp inspection, try removing it temporarily, it can sometimes wreck havoc with mail servers that use ESMTP.

-Jeff

srganote1 · ‎07-28-2004

Thanks Jeff,

It began working when I removed the inspect smtp

jeff.bankston · ‎07-29-2004

My pleasure, glad it worked.

One more tip, now that you know about the smtp inspection problem. If this is Microsoft Exchange, and that server is providing outside mail client services, you might consider disabling ESMTP to allow the usage of the smtp inspection. My non-Microsoft mail server DO NOT have this problem.

Check with your mail administrator or Microsoft rep to see if your organization can safely disable ESMTP, which is what was rendered ineffective with the smtp inspection.

Given the mail spamming garbage going on, the inspection was more important to me than ESMTP's value to my organization.

-Jeff

srganote1 · ‎07-29-2004

I'm using Exchange 2000 (not really a fan of Microsoft). I turned off (I think) ESMTP and turned the inspection back on but it still doesn't work. I followed instructions from a couple of MS knowledgebase articles on setting up and SMTP connector and configuring it to use HELO instead of EHLO and disabled the ESMTP verbs controlled by the metabase (using Active Directory). That's all I could find from Microsoft on 'turning off' ESMTP

Thanks,

Suzanne