Cisco Support Community

New Member

MAILGuard issues

Hello,

I need to enable the AUTH SMTP command so my users can relay e-mail from my IIS 5.0 SMTP server. Is there a way, that you know of, to turn on certain commands like AUTH, or other mailguard restricted commands while keeping the rest filtered? Just open up as small a hole as possible without opening it up wide?

I am running 6.3.1 IOS

Thanks a lot

Jeff

6 REPLIES
Cisco Employee

Re: MAILGuard issues

No, sorry, it's either all or nothing. You're talking about ESMTP features, which are being discussed right now and will be implemented in a future release of PIX code (can't give you a version as yet because we don't know yet).

New Member

Re: MAILGuard issues

Thanks for the reply. One final question.

With MAILGuard enabled, I know now that I will not be able to authenticate to the SMTP server from the internet. However, I am also not able to authenticate to the SMTP server when I am VPNed in. Is this normal? My understanding was that all VPN/PPTP traffic bypasses conduit/ACL/fixup entries that would normally restrict it, and just passes it through. This does not seem to be the case. Can you elaborate on why VPN traffic is not left unfiltered, and whether there is a way to pass through all VPN traffic without filtering out anything?

Thanks a lot

Jeff

New Member

Re: MAILGuard issues

Hi Jeff -

Do you have the 'sysopt connection permit-ipsec' option enabled? That is the command that allows IPSec traffic to pass through without a check against ACLs...

Also, the 'sysopt ipsec pl-compatible' command bypasses NAT for IPSec...

Hope that helps...???

New Member

Re: MAILGuard issues

Yes, I have those commands enabled, plus the sysopt conn permit-pptp.

Got any other ideas?

Thanks

Jeff

New Member

Re: MAILGuard issues

Do you know what ports/protocols SMTP authentication uses? Does it only use IP, or would it use another protocol (such as ESP or AH)? Are you also encrypting the SMTP?

New Member

Re: MAILGuard issues

All SMTP traffic is on port 25, TCP.

ESP and AH are at a different level than IP/TCP, so they are not really involved with the SMTP communication at all.

Jeff
