it blocks the banner that the SMTP server will send, i.e.:
220 sakharov.ostiguy.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at Wed, 3 Mar 2004 06:55:40 -0500
and replaces it with *'s.
More importantly, it blocks any ESMTP verbs from being used. This will almost assuredly cause any version of MS Exchange to have problems, as well as some other mailers.
If you use Exchange, it is best to disable it. There are other ways with Exchange to change the SMTP banner, and blocking the ESMTP commands can cause repeated reception of email, etc. Finally, it is not as if by running fixup protocol smtp you can avoid patching your mail server anyhow, as there are likely SMTP vulnerabilities in your implementation that could be perceived by the PIX as legitimate.
The fixup protocol does many different things, such as allowing active FTP to go through the PIX. The SMTP fixup protocol, in addition to the banner stripping, only allows certain RFC 821 commands to go through the PIX. These commands are DATA, HELO, MAIL, NOOP, QUIT, RCPT, and RSET. All other commands are rejected and result in a "500 Command unknown: 'XXX'" error message. You can reference the command reference for your particular software version.
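
A check for the behaviour described in this thread, as an added example that is not part of the original posts: given a recorded SMTP session, it flags a masked 220 greeting together with a 500 reply to EHLO, the combination the posts attribute to the SMTP fixup. The function names, host names and both sample sessions are constructed for illustration.

```python
# Commands the post above lists as allowed through the PIX SMTP fixup.
ALLOWED = {"DATA", "HELO", "MAIL", "NOOP", "QUIT", "RCPT", "RSET"}

def looks_masked(greeting):
    """True if a 220 greeting is mostly '*' characters (banner stripped)."""
    if not greeting.startswith("220"):
        return False
    text = greeting[3:].strip(" -")
    return bool(text) and text.count("*") / len(text) > 0.5

def assess(transcript):
    """transcript: list of (sent, reply); sent is None for the greeting."""
    banner_masked, rejected = False, []
    for sent, reply in transcript:
        if sent is None:
            banner_masked = looks_masked(reply)
            continue
        verb = sent.split(" ", 1)[0].upper()
        # A 500 reply to a verb outside the allowed set matches the filter.
        if reply.startswith("500") and verb not in ALLOWED:
            rejected.append(verb)
    return {"banner_masked": banner_masked, "rejected": rejected,
            "fixup_likely": banner_masked and "EHLO" in rejected}

# Constructed sample sessions (not captured from a real device).
BEHIND_FIXUP = [
    (None, "220 ************************2******0*0"),
    ("EHLO client.example", "500 Command unknown: 'XXX'"),
    ("HELO client.example", "250 mail.example Hello"),
    ("MAIL FROM:<a@client.example>", "250 OK"),
]
DIRECT = [
    (None, "220 mail.example Microsoft ESMTP MAIL Service ready"),
    ("EHLO client.example", "250-mail.example Hello"),
    ("MAIL FROM:<a@client.example>", "250 OK"),
]

if __name__ == "__main__":
    for name, session in (("behind fixup", BEHIND_FIXUP), ("direct", DIRECT)):
        print(name, assess(session))
```

A session that shows the masked greeting and the EHLO rejection, then succeeds with HELO, is the fallback path that loses ESMTP extensions for mailers such as Exchange.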