Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
368
Views
0
Helpful
3
Replies

Pix 515E - Inbound SMTP 106015 drops on outside interface

dclee
Level 1
Level 1

‎10-02-2008 11:17 AM - edited ‎03-11-2019 06:52 AM

We are currently running a Pix 515E 6.3(5), no failover mode. I am getting alot of drops on the outside interface on SMTP port. The error is 106015 Deny TCP (no connection) from IP_addr/port to IP_addr/port flags. I have researched the error and it appears that this is a malformed smtp packet that is getting discarded. Is this usual behaviour or is this something I should be looking at ?

I am dropping this traffic from a wide range of public IP's.

Any help would be appreciated.

Cheers

Dave

Labels:
0 Helpful
3 Replies 3

dkraut
Level 1
Level 1

‎10-02-2008 11:28 AM

Do you have fixup protocol smtp 25 enabled? If so, try disabling it as it has been known to cause a lot of trouble. >>

no fixup protocol smtp 25

0 Helpful

dclee
Level 1
Level 1
In response to dkraut

‎10-02-2008 11:30 AM

I do have the fixup protocol enabled.

Can i just enter the no fixup command without affecting the mail flow, or is this something that should be done afterhours ?

Cheers

Dave

0 Helpful

suschoud
Cisco Employee
Cisco Employee
In response to dclee

‎10-02-2008 12:27 PM

you can run this command during production hours.It just puts a lot of constraints on what smtp commands can pass through f/w.Removing these constraints ( fixup ) would not affect the mail flow.

Regards,

Sushil

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card