Cisco Support Community
New Member

Receiving multiple copies of same inbound message

We are receiving multiple copies of the same inbound message, although not all messages are duplicated. In checking MSKB, I found article Q295725. It states that the cause is a PIX firewall using Mailguard. I tried the test for Mailguard (telnet to port 25 of our exchange server from outside) but telnet hung. I am running PIXUR, version 5.3(2). Is this the only way to tell if Mailguard is running? How do I turn it off? I have searched the Cisco KB and according to the "SMTP Filtering Vulnerability" page, this issue was prior to version 5.3(2). Any information would be helpful. Thanks, Carolyn

4 REPLIES
Cisco Employee

Re: Receiving multiple copies of same inbound message

Carolyn,

MailGuard is the "fixup smtp ..." command in your configuration.

It sounds like you are having "fixup smtp" problems. The fixup disables certain insecure capabilities in SMTP transfers. Look for messages in your syslog that correspond to the inbound messages.

Check your PIX configuration to see if "fixup smtp ..." is in there. If so, from config mode execute a "no fixup smtp ...".

Liberty for All,

Brian

New Member

Re: Receiving multiple copies of same inbound message

Brian,

Thank you for replying. Hope you had a good holiday.

I am fairly new to PIX, so please pardon the 'newbie' questions. I know there is the "fixup smtp ..." in the configuration. If I disable "fixup smtp ...", will that affect our email functionality? The email server sits in the DMZ, between the PIX and our internal network (token ring) and is running OWA.

Thanks, in advance, for any information you may send.

Carolyn

Cisco Employee

Re: Receiving multiple copies of same inbound message

Carolyn,

Thanks.

So MailGuard enforces RFC 822 on the connection between mail hosts protected by the PIX. RFC 822 is a best practices document about the security of SMTP commands.

The PIX is looking at the connection and filtering messages that pass between the hosts. The PIX MailGuard assumes that the connection is an SMTP (Simple Mail Transfer Protocol) connection and uses that to literally overwrite some fields that leak information and just not allow several SMTP commands. The problem is that Microsoft Exchange implements ESMTP. The connection looks like SMTP but has a number of extensions. MailGuard still tries to "fixup" this connection.

If you turn off MailGuard you should go back to the MS KB and look at ways you can better secure your Exchange Server.

Liberty for All,

Brian
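
Added example (not part of Brian's reply and not a Cisco tool): a small Python check that reads a saved SMTP session transcript, such as the port 25 telnet test mentioned in the first post, and reports signs that a device in the path is overwriting fields or blocking ESMTP commands. The transcripts, host names, and the two heuristics (a banner that is mostly asterisks, a 5xx reply to EHLO) are assumptions made for illustration.

```python
import re

# Constructed transcripts: "S:" is what the client receives, "C:" what it sends.
FILTERED = """S: 220 ************************0*****2***
C: EHLO mail.example.org
S: 500 Command unrecognized
C: HELO mail.example.org
S: 250 OK"""
DIRECT = """S: 220 mx.example.net ESMTP ready
C: EHLO mail.example.org
S: 250-mx.example.net Hello
S: 250-SIZE 10485760
S: 250 8BITMIME"""

def smtp_filter_signs(transcript):
    """List signs that a device in the path is rewriting the SMTP session."""
    signs, last_cmd, banner_seen = [], None, False
    for raw in transcript.splitlines():
        side, _, text = raw.strip().partition(": ")
        if side == "C":
            last_cmd = text.split(" ", 1)[0].upper()
            continue
        reply = re.match(r"(\d{3})([ -])(.*)", text) if side == "S" else None
        if reply is None:
            continue
        code, sep, rest = reply.groups()
        if not banner_seen:
            banner_seen = True
            # Assumption: a filtered banner is mostly '*' padding.
            if code == "220" and rest and rest.count("*") / len(rest) > 0.5:
                signs.append("masked banner")
        elif last_cmd == "EHLO" and code.startswith("5"):
            # The extended greeting never reached the server intact.
            signs.append(f"EHLO rejected ({code})")
        if sep == " ":
            last_cmd = None  # final line of this reply
    return signs

if __name__ == "__main__":
    for name, t in (("filtered", FILTERED), ("direct", DIRECT)):
        print(name, smtp_filter_signs(t) or "no signs of filtering")
```
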

New Member

Re: Receiving multiple copies of same inbound message

Brian et al,

I just turned off MailGuard on our PIX. I delayed because our CIO was reluctant to "unprotect" our email server. However, we began experiencing extremely long delivery times from certain sources (primarily attbi.com) as well as duplicate messages.

My question is, do you have any suggestions for securing our Exchange Server? Especially ones you know for sure work. I am actively researching the KB.

Thanks and Happy Holidays.

Carolyn
