Firewall is blocking SMTP port

sid916207 · ‎05-05-2006

Hi All,

I have Pix 506e-OS-6.3(4)configured in LAN of 200 systems.

This pix is giving a strange problem

It blocks IPs randomly only for the SMTP port. All other TCP services can run without having any problem.

And if I change the ip address of that PC or restart the Firewall then mail starts working.

Every day a new IP faces this problem and forces us to change the IP address or to restart Firewall.

Any Idea?

Thanks in advance.

Siddhartha Lochan

unicmd · ‎05-06-2006

running fixup on smtp ? try to disable/enable it

Martin

DK

sebastan_bach · ‎05-06-2006

hi there the problem with smtp in pix 6.3 ios is that it will check for the rfc valid commands in the smtp headers for a valid mail transaction. since todays's mail servers are using ESMTP which is extended smtp which supports authentication has different commands than the regular smtp traffic. since these commands are not validated as rfc compliant smtp commmands ur pix drops them. only solution is disable smtp fixup.however if u could upgrade ur pix to 7.0 ios u can fixup for ESMTP and ur mails will flow smoothly. hope this helps.

regards

sebastan

sid916207 · ‎05-07-2006

Thanks for replying.

I've disabled SMTP fixup.

I hope it willwork.

Thanks to you Guys.

rasoftware · ‎05-08-2006

I had this issue in 6.3 with smtp passing over VPN tunnels between sites. Removing the fixup works. If you telnet to 25 on one of the servers you should be able to issue ESMTP commands without a problem.

I had assumed VPN traffic would not be subject to the fixup.