Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CBAC and SMTP AUTH?

I'm having trouble getting SMTP AUTH to work on our network, even across network segments that have no specific access-list rules between them. Perhaps there's something in the CBAC setting that prevents AUTH from working properly?

Initially...

Our mail server software with relay enabled for everybody...external clients sent message, and it goes through fine.

Disable relay...

external clients sent message, server replies with "relay not permitted" (expected, good)

Enabled AUTH on server and set clients to authenticate...

external cleints sent message, get back error message...

"Your server has unexpectedly terminated the connection. Possible causes for

this include server problems, network problems, or a long period of

inactivity. Account: 'me@mydomain.com', Server:

'mailserver.mydomain.com', Protocol: SMTP, Port: 25, Secure(SSL): No, Socket

Error: 10053, Error Number: 0x800CCC0F

Removed firewall and no longer had problem. External clients authenticate fine and mail is sent, and bad people can't relay mail through our server.

What in the firewall config prevents SMTP AUTH? We're using Cisco 2514 with 11.3

  • Other Security Subjects
2 REPLIES
New Member

Re: CBAC and SMTP AUTH?

The Cisco IOS firewall has a built-in feature that assures that snmp conforms to the recommendations listed in RFC 821, section 4.5.1. This section lists the commands that should be allowed through a firewall (HELO, MAIL, RCTP, DATA, RSET, NOOP and QUIT). The cisco IOS firewall is configured to allow only the above commands and disallow any other command. You can disable this feature by typing 'no ip inspect -name- smtp'. SNMP will still be allowed (if permitted by rules), but the IOS FW will not check for imbedded commands in SMTP.

I hope this helps.

New Member

Re: CBAC and SMTP AUTH?

That was exactly my problem. Thanks so much for your help.

156
Views
0
Helpful
2
Replies
This widget could not be displayed.