Cisco Support Community
Community Member

pix 6.1 fixup protocol smtp command help requested

Hi,

When I institute a fixup protocol smtp 25 on my pix 515/6.1, I can no longer telnet to my smtp server and perform a sample smtp conversation.

I have the pix's external interface as the global PAT/NAT address, and it is port forwarding smtp to an internal server.

When fixup protocol smtp is off, I can telnet in to the smtp server just fine, so the port forwarding is working, and the access list is as well.

However, when I turn on fixup protocol smtp 25, I get the banner with the characters rewritten with asterisks, but it doesn't respond to any of the commands I issue, including valid ones.

Any ideas?

Thanks

4 REPLIES
Community Member

Re: pix 6.1 fixup protocol smtp command help requested

Hello,

The idea with smtp fixup is to restrict the protocol's command set to RFC compliant commands. Your question really depends on what it is you are trying to accomplish by telnetting to your smtp host from the outside and what commands you are running on the mailer service.

The fixup works to hide the type of smtp service that is presented to the outside world by removing or replacing the smtp banner that is displayed when telnetting to port 25. If you are able to telnet to that port from the outside, then as far as the smtp service is concerned the outside world will be able to establish RFC compliant connections to your smtp host.

Hope this helps....

Jason Parrish

jparrish@rightsys.com

Community Member

Re: pix 6.1 fixup protocol smtp command help requested

Hi Jason,

Thanks for the reply. I am attempting to do a basic SMTP conversation - e.g.

HELO fromdomain.com

MAIL From:<somebody@somedomain.com>

RCPT To:<user@insidedomain.com>

DATA

now is the time for all good men...

.

QUIT

----------

However basically nothing happens after the substituted banner output. I am concerned that if I turn the fixup command on for protocol SMTP that inbound mail will get stuck. I was hoping to verify the SMTP protocol manually before turning it over.

-John

bz
Community Member

Re: pix 6.1 fixup protocol smtp command help requested

I had the exact same problem. I had to turn mail guard off because mail wasn't coming in.

Community Member

Re: pix 6.1 fixup protocol smtp command help requested

RESOLUTION

It appears that the SMTP traffic flows correctly with the fixup protocol smtp 25 command turned on, even though after doing so you cannot telnet to port 25 through the pix and perform a test SMTP dialogue.

-John
