[c-nsp] PIX error using fixup smtp

Paul Stewart pauls at nexicom.net
Wed Nov 10 20:35:17 EST 2004 

Yes... Happens to us when running mail servers behind PIX.. We end up
turning off fixup on SMTP.. Perhaps better answer but that's what we
always do

Paul


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Brian Feeny
Sent: Wednesday, November 10, 2004 5:32 PM
To: 'cisco-nsp at puck.nether.net'
Subject: [c-nsp] PIX error using fixup smtp




I have a PIX running 6.3(3) and it has fixup smtp enabled.

When a remote client tries to send an unsupported command, such as  
EHLO, i am seeing
the mailserver drop the connection immediatly.  On the pix the  
following is logged:

pixfirewall# smtp_response: (192.168.1.9/25 -> 207.254.193.98/56062)
smtp_cmd: (192.168.1.9/25 <- 207.254.193.98/56062)
         smtp_cmd: initial cmd = ehlo , enter reply mode
         smtp: nullify <ehlo > command
smtp_response: (192.168.1.9/25 -> 207.254.193.98/56062)
         entering command mode
out-of-order segment (192.168.1.9/25 -> 207.254.193.98/56062)
          received = 68131394, expected = 68131367
pixfirewall# smtp_response: (192.168.1.9/25 -> 199.181.134.30/53591)
smtp_cmd: (192.168.1.9/25 <- 199.181.134.30/53591)
         smtp_cmd: initial cmd = ehlo , enter reply mode
         smtp: nullify <ehlo > command
smtp_response: (192.168.1.9/25 -> 199.181.134.30/53591)
         entering command mode
out-of-order segment (192.168.1.9/25 -> 199.181.134.30/53591)
          received = 68136337, expected = 68136310
smtp_cmd: (192.168.1.9/25 <- 199.181.134.30/53591)
         smtp_cmd: cmd = helo  entering reply mode
out-of-order segment (192.168.1.9/25 <- 199.181.134.30/53591)
          received = 3280724322, expected = 3280724291
         rollback next sequence 3280724322 by 31 bytes
         packet: <>
out-of-order segment (192.168.1.9/25 <- 199.181.134.30/53591)
          received = 3280724322, expected = 3280724291


The Mail server software is 4D WebStar (runs on mac osx).  Does anyone  
know of any issues with the pix code
that may be happening here?  This is a PIX501.


Brian



------------------------------------------------------------------------

------
Brian Feeny, CCIE #8036, CISSP    	e: signal at shreve.net
Network Engineer           			p: 318.213.4709
ShreveNet Inc.             			f: 318.221.6612

More information about the cisco-nsp mailing list