PIX506E 30second timer on incoming SMTP from outside interface

mark.tutton
Level 1

Hi,

I have tried to configure a PIX506e v6.3 so that incoming SMTP data arriving on the outside interface is directed to a Novell GroupWise email server on the inside. But it does not work. To fault find I have mimicked an incoming email by connecting a PC directly to the PIX outside interface (via crossover cable) and by using 'telnet (server IP address) 25'. The logging on the PIX shows the connection establishes OK, but I do not get a connection (i.e. a response from the server on the inside network) until exactly 30 seconds has elapsed. I then connected a PC on the inside network (to eliminate the PIX and to ensure the email server is OK) and connected to the email server, all OK. I have implemented 'no fixup smtp 25' on the PIX. There is a definite 30 sec delay caused by something configured on the PIX. I have connected a sniffer to monitor the mail server and then compared a conversation between a PC on the inside talking to the mail server on the inside and a PC on the outside talking to the mail server on the inside, and there is no difference in the traces (other than the obvious - addresses/seq numbers etc).

Has anybody got any ideas? If you have, I would really appreciate some help (I've been on this for hours).

Kind regards

Mark

2 Replies

jgervia_2
Level 1

Hello,

This sounds like a DNS issue - your mail server you are connecting to is probably attempting to do a reverse-lookup on the IP address that is initiating to it. Inbound, this works because your hosts are either in DNS or your nameserver replies that it doesn't have an entry for it.

I would try adding a host entry on your server for whatever IP address is initiating to it (not sure if you're translating it on the pix or not), and see if that resolves the issue.

There's an outside chance that identd could be involved, but I'm betting it's DNS.

--Jason

Please rate this message if it helps resolve some or all of the issue.

mark.tutton
Level 1

Hi Jason,

The good news is I fixed the problem this morning (after a good night's sleep) by sniffing all conversations from the mail server and spotted a reverse DNS lookup trying to be performed and allowed through PIX and fixed problem.

The bad news is I have only just received your solution. However, you were spot on - well done.

Thanks for responding and I hope this solution will help others in the future.

regards

Mark
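
The symptom in this thread (TCP connects at once, the SMTP greeting arrives after a fixed delay) can be measured rather than eyeballed in telnet. The script below is an added example, not part of the original posts: it times the connect and the first reply line separately, and times a reverse lookup as the mail server would perform it. All function names, the threshold, and the local stand-in server are assumptions made for illustration.

```python
import socket
import threading
import time

def time_smtp_banner(host, port=25, timeout=60.0):
    """Return (connect_s, greeting_s, first_line) for one SMTP connection."""
    t0 = time.monotonic()
    with socket.create_connection((host, port), timeout=timeout) as s:
        connect_s = time.monotonic() - t0
        buf = b""
        while b"\n" not in buf:          # read until the first reply line
            chunk = s.recv(512)
            if not chunk:
                break
            buf += chunk
        greeting_s = time.monotonic() - t0 - connect_s
    return connect_s, greeting_s, buf.decode("ascii", "replace").strip()

def time_ptr_lookup(ip):
    """Run on the mail server: how long does a reverse lookup of ip take?"""
    t0 = time.monotonic()
    try:
        name = socket.gethostbyaddr(ip)[0]
    except OSError:                       # no PTR record or resolver failure
        name = None
    return time.monotonic() - t0, name

def classify(connect_s, greeting_s, threshold=2.0):
    """Fast TCP connect but slow 220 means the server waited before greeting."""
    if greeting_s >= threshold and connect_s < threshold:
        return "delayed-greeting"
    return "ok"

def start_fake_server(delay):
    """Constructed stand-in for a mail server that stalls before its banner."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with conn:
            time.sleep(delay)             # simulates the lookup timing out
            conn.sendall(b"220 mail.example.test ESMTP (constructed)\r\n")
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    port = start_fake_server(1.0)
    c, g, line = time_smtp_banner("127.0.0.1", port, timeout=5)
    print(f"connect {c:.3f}s, greeting {g:.3f}s, {classify(c, g, 0.5)}: {line}")
```

A "delayed-greeting" result from the outside, combined with a slow `time_ptr_lookup` for the same client address on the server, points at the server's resolver traffic being blocked rather than at the SMTP path itself.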
