[c-nsp] PIX error using fixup smtp

Brian Feeny signal at shreve.net
Wed Nov 10 17:31:35 EST 2004 


I have a PIX running 6.3(3) and it has fixup smtp enabled.

When a remote client tries to send an unsupported command, such as  
EHLO, i am seeing
the mailserver drop the connection immediatly.  On the pix the  
following is logged:

pixfirewall# smtp_response: (192.168.1.9/25 -> 207.254.193.98/56062)
smtp_cmd: (192.168.1.9/25 <- 207.254.193.98/56062)
         smtp_cmd: initial cmd = ehlo , enter reply mode
         smtp: nullify <ehlo > command
smtp_response: (192.168.1.9/25 -> 207.254.193.98/56062)
         entering command mode
out-of-order segment (192.168.1.9/25 -> 207.254.193.98/56062)
          received = 68131394, expected = 68131367
pixfirewall# smtp_response: (192.168.1.9/25 -> 199.181.134.30/53591)
smtp_cmd: (192.168.1.9/25 <- 199.181.134.30/53591)
         smtp_cmd: initial cmd = ehlo , enter reply mode
         smtp: nullify <ehlo > command
smtp_response: (192.168.1.9/25 -> 199.181.134.30/53591)
         entering command mode
out-of-order segment (192.168.1.9/25 -> 199.181.134.30/53591)
          received = 68136337, expected = 68136310
smtp_cmd: (192.168.1.9/25 <- 199.181.134.30/53591)
         smtp_cmd: cmd = helo  entering reply mode
out-of-order segment (192.168.1.9/25 <- 199.181.134.30/53591)
          received = 3280724322, expected = 3280724291
         rollback next sequence 3280724322 by 31 bytes
         packet: <>
out-of-order segment (192.168.1.9/25 <- 199.181.134.30/53591)
          received = 3280724322, expected = 3280724291


The Mail server software is 4D WebStar (runs on mac osx).  Does anyone  
know of any issues with the pix code
that may be happening here?  This is a PIX501.


Brian



------------------------------------------------------------------------ 
------
Brian Feeny, CCIE #8036, CISSP    	e: signal at shreve.net
Network Engineer           			p: 318.213.4709
ShreveNet Inc.             			f: 318.221.6612
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : https://puck.nether.net/pipermail/cisco-nsp/attachments/20041110/e94d84e0/PGP.bin

More information about the cisco-nsp mailing list