Re: fixup command

rajeshk500 · ‎03-03-2004

hello,

anybody can brief about fixup command

for eg "fixup protocol smtp"

what exactly it doess on smtp protocol when we configure above mentioned command

thanx&regards

rajesh

mostiguy · ‎03-03-2004

it blocks the banner that the smtp server will send, i.e:

220 sakharov.ostiguy.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at Wed, 3 Mar 2004 06:55:40 -0500

and replaces it with *'s.

More importantly, it blocks any ESMTP verbs from being used. This will almost assuredly cause any version of MS exchange to have problems, as well as some other mailers.

If you use exchange, it is best to disable it. There are other ways with exchange to change the smtp banner, and blocking the ESMTP commands can cause repeated reception of email, etc. FInally, it is not as if you are running fixup protocol smtp you can avoid patching your mail server anyhow, as there are likely smtp vulnerabilites in your implimentation that could be perceived by the pix as legitimate.

rmorrow · ‎03-03-2004

Rajesh,

The fixup protocol does many different things, such as allowing active FTP to go through the PIX. The SMTP fixup protocol, in addition to the banner stripping, only allows certain RFC 821 commands to go through the PIX. These commands are DATA, HELO, MAIL, NOOP, QUIT, RCPT, and RSET. All other commands are rejected and result in a "500 Command unknown: 'XXX'" error message. You can reference the command reference for your particular software version.

rajeshk500 · ‎03-05-2004

thanx for response

regards,

rajesh