04-29-2003 07:07 PM - edited 03-09-2019 03:05 AM
hello,
I need to enable the AUTH SMTP command so my users can relay e-mail from my IIS 5.0 SMTP server. Is there a way, that you know of, to turn on certain commands like AUTH, or other mailguard restricted commands while keeping the rest filtered? Just open up as small a hole as possible without opening it up wide?
I am running 6.3.1 IOS
Thanks a lot
Jeff
04-29-2003 08:57 PM
No sorry, it's either all or nothing. You're talking about ESMTP features, which are being discussed right now and will be implemented in a future release of PIX code (can't give you a version as yet cause we don't know yet).
05-01-2003 07:36 AM
Thanks for the reply. One final question.
With MAILGuard enabled, I know now that I will not be able to authenticate to the smtp server from the internet, however, I am also not able to authenticate to the SMTP server when I am VPNed in. Is this normal? My understanding was that all VPN/PPTP traffic bypasses conduit/ACL/fixup entries that would normally restrict it, and just passes it through. This does not seem to be the case, can you elaborate on why VPN traffic is not left un-filtered, and if there is a way to pass through all VPN traffic without filtering out anything?
Thanks a lot
Jeff
05-01-2003 03:23 PM
Hi Jeff -
Do you have the 'sysopt connection permit-ipsec' option enabled? That is the command that allows IPSec traffic to pass through without a check against ACLs...
Also, the 'sysopt ipsec pl-compatible' command bypasses NAT for IPSec...
Hope that helps...???
05-01-2003 03:27 PM
Yes, I have those commands enabled, plus the sysopt conn permit-pptp.
Got any other ideas?
Thanks
Jeff
05-02-2003 10:16 AM
Do you know what ports/protocols SMTP authentication uses? Does it only use IP, or would it use another protocol (such as ESP or AH)? Are you also encrypting the SMTP?
05-02-2003 01:06 PM
all SMTP traffic is on port 25. TCP.
ESP and AH are at a different level than IP/TCP, so they are not really involved with the SMTP communication at all.
Jeff
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: