07-14-2004 03:21 AM - edited 03-09-2019 08:03 AM
The Exchange Mail servers run ESMTP.
The only way the PIX Firewall allows ESMTP is to disable the fixup protocol smtp 25.
Does this not create security expsoures on the firewall for SMTP.
Is there a way to customize mailguard to protect SMTP and still allow ESMTP through.
regds
Johnny
Solved! Go to Solution.
07-14-2004 08:57 AM
It is a free upgrade if you have a smartnet contract on your PIX. A Smartnet contract entitles you to free software upgrades on the convered hardware. Hope this helps explain matters.
Scott
07-14-2004 04:11 AM
Johnny
Yes you are correct, by disabling the SMTP fixup protocol you are creating a SMTP security problem. I don't believe there is a way of customizing mailguard to protect SMTP and still allow ESMTP.
You can only have one or the other, i.e. fixup protocol SMTP 25 OR no fixup protocol SMTP 25. The PIX is doing its job correctly and if you are running ESMTP then I would suggest that you fine tune you ESMTP server and not the PIX! I am not a Microsoft guy so will not be able to advise on fine tuning an ESMTP server but there are lots of information on this on the web just try Google, i.e. search for PIX ESMTP problems.
Hope this helps a little.
Jay
07-14-2004 05:04 AM
As an FYI, the feature requests have been heard and we are finally adding an ESMTP inspection engine to PIX 7.0 code which is due out towards the end of the year.
Scott
07-14-2004 05:24 AM
Hi Scott,
Thanks for the info.
I'm assuming there will be a charge to upgrade from 6.3 to 7.0 or would this be a free upgrade.
regds
Johnny
07-14-2004 08:57 AM
It is a free upgrade if you have a smartnet contract on your PIX. A Smartnet contract entitles you to free software upgrades on the convered hardware. Hope this helps explain matters.
Scott
07-14-2004 11:00 PM
Hi Scott,
Yes it does thanks for the info.
regds
Johnny
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: