Re: Transparent FWSM - SMTP issue

a.kiprawih · ‎02-10-2006

Hi,

We recently migrated Server VLAN behind FWSM running in transparent mode.

Before migration, access to mail server was working fine. All users accessing the email server are required to login.

However, after this VLAN migrated behind FWSM, users are no longer getting login/authentication screen, and can access the server directly.

With this, the email server could be exposed to mail relay attack.

As for ACL rules, FWSM allows all traffic (TCP/UDP/ICMP) to pass through without any restriction. This is to collect info which will be used to create ACL rules.

Has anyone experienced this kind of FWSM's behaviour before, and could it be problem with email server?

Thanks

AK

varakantam · ‎02-10-2006

I am assuming when you say "All users accessing the email server are required to login" you meant AAA authentication by the firewall. If so you need to modify your access list to match the traffic destination as mail server. Can you post your AAA and accesslist config ?

a.kiprawih · ‎02-10-2006

Hi,

No, there is no AAA authentication in FWSM to authenticate such services. Its actually referred to the SMTP server where normally, without firewall protection, it can be accessed easily and execute commands that can be used to relay email for whatever purposes. With Cisco PIX/FWSM, it only allows few SMTP commands to be executed for security protection. This is shown under fixup protocol smtp 25.

The Server Vlan is controlled by the other team, and nothing has been changed on their mail server before,during or after the server vlan migrated behind fwsm.

FWSM (transparent mode) maintain the standard fixup protocol for smtp.

Thanks