MAILGuard issues

jdepies
Level 1

Hello,

I need to enable the AUTH SMTP command so my users can relay e-mail from my IIS 5.0 SMTP server. Is there a way, that you know of, to turn on certain commands like AUTH, or other mailguard restricted commands while keeping the rest filtered? Just open up as small a hole as possible without opening it up wide?

I am running 6.3.1 IOS

Thanks a lot

Jeff

6 Replies

gfullage
Cisco Employee

No sorry, it's either all or nothing. You're talking about ESMTP features, which are being discussed right now and will be implemented in a future release of PIX code (can't give you a version as yet cause we don't know yet).

Thanks for the reply. One final question.

With MAILGuard enabled, I know now that I will not be able to authenticate to the SMTP server from the internet; however, I am also not able to authenticate to the SMTP server when I am VPNed in. Is this normal? My understanding was that all VPN/PPTP traffic bypasses conduit/ACL/fixup entries that would normally restrict it, and just passes it through. This does not seem to be the case. Can you elaborate on why VPN traffic is not left unfiltered, and if there is a way to pass through all VPN traffic without filtering out anything?

Thanks a lot

Jeff

Hi Jeff -

Do you have the 'sysopt connection permit-ipsec' option enabled? That is the command that allows IPSec traffic to pass through without a check against ACLs...

Also, the 'sysopt ipsec pl-compatible' command bypasses NAT for IPSec...

Hope that helps...???

Yes, I have those commands enabled, plus the sysopt conn permit-pptp.

Got any other ideas?

Thanks

Jeff

Do you know what ports/protocols SMTP authentication uses? Does it only use IP, or would it use another protocol (such as ESP or AH)? Are you also encrypting the SMTP?

All SMTP traffic is on port 25. TCP.

ESP and AH are at a different level than IP/TCP, so they are not really involved with the SMTP communication at all.

Jeff
