01-16-2003 06:08 AM - edited 03-09-2019 01:42 AM
I have a PIX515 (IOS 6.22) with a mail server in the dmz.
No other network devices are in the dmz.
Clients from inside access the dmz via dynamic NAT.
No static NAT and ACLs are applied.
POP3 and any other types of connections from inside to the dmz mail server are fast, but SMTP is slow (the mail server takes over 5-10 sec to respond to 'Telnet <ip_addr> 25'). No errors have occurred on either ethernet interface.
There are no problems with client performance and the mail server when it moves to the inside segment.
01-16-2003 12:03 PM
Hi,
Could you try disabling the smtp fixup protocol and see if it makes any difference?
Kind Regards,
Tom
01-16-2003 01:37 PM
Try permitting IDENT. Some SMTP hosts try to verify who is sending the e-mail before they accept it. Then it will give up and accept the e-mail anyway. Maybe you could disable that option on the SMTP host.
01-16-2003 03:55 PM
If the initial connection takes 5-10 seconds to come back, but then after that the response is "normal", then as the previous person said, this is probably an IDENT problem. The best way is to disable your SMTP server from doing this, but if you're not sure how to do that, you can tell the PIX to send an RST back to the mail server if it sees it by doing:
> service resetinbound
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/s.htm#1045404
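The symptom discussed in this thread (the connection opens quickly but the greeting arrives late), as an added example that is not part of any post: a Python probe that times the TCP connect separately from the 220 banner, so a server-side wait such as an IDENT callback timing out shows up as "slow-banner". The fake server, its `delay`, the name `mail.example.test` and the thresholds are constructed for the demonstration.

```python
import socket
import threading
import time

def probe_banner(host, port=25, timeout=30.0):
    """Return (connect_seconds, banner_seconds, first_banner_line)."""
    t0 = time.monotonic()
    with socket.create_connection((host, port), timeout=timeout) as s:
        t_conn = time.monotonic() - t0          # TCP handshake only
        t1 = time.monotonic()
        buf = b""
        while not buf.endswith(b"\n"):          # read the first greeting line
            chunk = s.recv(512)
            if not chunk:
                break
            buf += chunk
        t_banner = time.monotonic() - t1        # time the server sat before greeting
    return t_conn, t_banner, buf.decode("ascii", "replace").strip()

def classify(t_conn, t_banner, threshold=2.0):
    """Separate a slow path from a server that delays its greeting."""
    if t_conn >= threshold:
        return "slow-connect"   # handshake itself is slow: look at the network path
    if t_banner >= threshold:
        return "slow-banner"    # server waits before "220": IDENT or similar callback
    return "normal"

def start_fake_smtp(delay):
    """Constructed stand-in: accept one client, wait `delay` s, send a 220 line."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn:
            time.sleep(delay)                   # simulates the callback timing out
            conn.sendall(b"220 mail.example.test ESMTP\r\n")
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = start_fake_smtp(delay=1.0)
    c, b, line = probe_banner("127.0.0.1", port)
    print(f"connect={c:.3f}s banner={b:.3f}s -> {classify(c, b, 0.5)} ({line})")
```

Run against the real mail server from an inside client before and after a firewall or server change to see whether the banner delay has gone.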