Solved: PIX 515E with 7.1(2) SMTP banner changed to 220***** How to disable fixup?

keyvansadeghi · ‎08-03-2006

We have a PIX 515E Firewall and the SMTP Banner is being changed to 220 ********

I need to disable this and I cannot use the 'no fixup protocol SMTP' command as it is not present in 7.1.

Any suggestions?

Regards,

Keyvan

mmorris11 · ‎08-03-2006

This is done under the "class-map inspection_default" class-map in this version of PIX OS.

pls rate if helpful!

View solution in original post

mmorris11 · ‎08-03-2006

This is done under the "class-map inspection_default" class-map in this version of PIX OS.

pls rate if helpful!

cpembleton · ‎08-03-2006

hostname(config)# policy-map "PM-Name"

hostname(config-pmap)# class "class_name"

hostname(config-pmap-c)# no inspect esmtp

http://www.cisco.com/en/US/customer/products/ps6120/products_configuration_guide_chapter09186a008063706a.html

Hope this helps.

Chad

Wilson Samuel · ‎08-03-2006

Hi Kevyan,

Please be informed that if you disable packet inspection, the PIX will not do any packet insepction enroute and may be a compromise in the security of the SMTP / ESMTP Daemon.

Hence, please disable ONLY, if its absolute necessity and you have other security measures in between.

An alternate strategy would be to run the PIX in the transparent mode.

Kind Regards,

Wilson Samuel