cannot pass smtp - 25

Unanswered Question

515E


I am in the process of setting up an in house mail server. In so I have setup smtp, pop3, and imap to pass to my mail server.


for some reason when I do the telnet test for 25 from an outside location, the 515E returns the 220 and not my mail server. pop3 and imap seem to work fine


any ideas what could be blocking my 25


thanks

mark

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
a.alekseev Wed, 07/23/2008 - 11:56
User Badges:
  • Gold, 750 points or more

what software version of the PIX do you have?

husycisco Wed, 07/23/2008 - 12:07
User Badges:
  • Gold, 750 points or more

Hello Mark,

"the 515E returns the 220 and not my mail server"

I dont know a reply type of "220" from PIX firewall. If you telnet 25 to the IP and get any kind of screen (either blank or some output) other than "Could not open connection to the host" Connect failed or timeout, that means the port is open.

By the way, exchange server reply to a telnet to port 25 starts with 220. Here is one of them


"220 xxxx.xxxx.xxx Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at

Wed, 23 Jul 2008 23:09:19 +0300 "

Or sometimes just 220 and some ASCII chars like ######## or so.

If you post your sanitized config, we would help better.

Also make sure that you configued your SMTP Connector in Exchange server


Regards

a.alekseev Wed, 07/23/2008 - 12:48
User Badges:
  • Gold, 750 points or more

In this case I advise you to turn off smtp fixup.

husycisco Wed, 07/23/2008 - 17:04
User Badges:
  • Gold, 750 points or more

Mark,

"220 ####### - I am told this is the 515e responding"

Inspection is replacing the starttls echo-reply with ## sometimes ** . Most mail servers work in this case, but your mail server may not be able to establish connection with some mail servers.

Following are the necessary commands to correct that


policy-map type inspect esmtp esmtp_map

parameters

no mask-banner


policy-map global_policy

class inspection_default

inspect esmtp esmtp_map


But this is available in code 7.2 or higher. I dont know an equivalant for 6.3 code and I assume it does not exist.

Better upgrade your IOS or remove the fixup as suggested.


Regards

Actions

This Discussion