[TriLUG] garbled SMTP?
Aaron S. Joyner
aaron at joyner.ws
Mon Jun 21 20:44:27 EDT 2004
Brian A. Henning wrote:
>Hi Listers,
> Got the Cisco PIX firewall figured out (gracious thanks to those who
>helped!), got the router/modem into bridge configuration, all is
>well...except SMTP.
><snip>
>SMTP from outside the LAN works....not great. If I attempt to telnet to
>port 25 from outside the LAN, I get this response:
>
>220
>*********************************************2*******2**********2******200**
>***20*****0*00
>
>..and from that point, the session is unresponsive.
>
>Anybody know what that means, and how to fix it?
>
>
Cisco PIX boxes do SMTP "fixing" - if you connect to the PIX, it will
snag the session, chat with you, validate each command you type one by
one, and if it passes the validation proxy the command through to a
configured smtp server on the back end. This is highly annoying because
it's not a very good SMTP server (it doesn't support ESMTP), but it's
definitely recognizable once you've seen it once or twice. Cisco refers
to this as "MailGuard" and the documentation for it can be found here:
http://www.cisco.com/warp/public/110/22.html
The info there should be plenty enough to get you up and going. The
super-abbreviated version is something like this:
>static 111.222.111.1 10.2.1.1
> conduit 111.222.111.1 25 tcp 0.0.0.0 0.0.0.0
>
or by contrast, to disable it, you should be able to do something like this:
> no fixup protocol smtp
Cisco freely admits in their docs that if you have an ESMTP server that
you may have to disable it for mail to work right. (Hint: virtually
every smtp server out there talks esmtp...)
Enjoy!
Aaron S. Joyner
Not a Cisco-Guru, just someone who's fought this battle before
More information about the TriLUG
mailing list