PIX515 slow SMTP performance

abgromov · ‎01-16-2003

I have PIX515 (IOS 6.22) with mail server in dmz.

No other network devices in dmz.

Clients from inside access dmz via dymanic NAT.

No static NAT and ACLs are applied.

POP3 and any other types of connections from inside to dmz mail server are fast, but SMTP slow ( mail server responses to 'Telnet <ip_addr> 25' over 5-10 sec). No errors are occured on both ethernet interfaces.

No problems with client performance and mail server when it moves to inside

segment.

tvanginneken · ‎01-16-2003

Hi,

could you try disabling the smtp fixup protocol and see if it makes any difference?

Kind Regards,

Tom

chrclark · ‎01-16-2003

Try permitting IDENT. Some SMTP hosts try to verify who is sending the e-mail before the accept it. Then it will give up and accept the e-mai anyway. Maybe you could disable that option on the SMTP host.

gfullage · ‎01-16-2003

If the initial connection takes 5-10 seconds to come back, but then after that the response is "normal", then as the previous person said, this is probably an IDENT problem. The best way is to disable your SMTP server from doing this, but if you're not sure how to do that, you can tell the PIX to send an RST back to the mail server if it sees it by doing:

> service resetinbound

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/s.htm#1045404