[c-nsp] PIX error using fixup smtp

Mike Sawicki fifi at HAX.ORG
Wed Nov 10 20:47:08 EST 2004 

On Wed, Nov 10, 2004 at 08:35:17PM -0500, Paul Stewart wrote:
> Yes... Happens to us when running mail servers behind PIX.. We end up
> turning off fixup on SMTP.. Perhaps better answer but that's what we
> always do
> 
> Paul
> 
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Brian Feeny
> Sent: Wednesday, November 10, 2004 5:32 PM
> To: 'cisco-nsp at puck.nether.net'
> Subject: [c-nsp] PIX error using fixup smtp
> 
> 
> 
> 
> I have a PIX running 6.3(3) and it has fixup smtp enabled.
> 
> When a remote client tries to send an unsupported command, such as  
> EHLO, i am seeing
> the mailserver drop the connection immediatly.  On the pix the  
> following is logged:
> 
> pixfirewall# smtp_response: (192.168.1.9/25 -> 207.254.193.98/56062)
> smtp_cmd: (192.168.1.9/25 <- 207.254.193.98/56062)
>          smtp_cmd: initial cmd = ehlo , enter reply mode
>          smtp: nullify <ehlo > command
> smtp_response: (192.168.1.9/25 -> 207.254.193.98/56062)
>          entering command mode
> out-of-order segment (192.168.1.9/25 -> 207.254.193.98/56062)
>           received = 68131394, expected = 68131367
> pixfirewall# smtp_response: (192.168.1.9/25 -> 199.181.134.30/53591)
> smtp_cmd: (192.168.1.9/25 <- 199.181.134.30/53591)
>          smtp_cmd: initial cmd = ehlo , enter reply mode
>          smtp: nullify <ehlo > command
> smtp_response: (192.168.1.9/25 -> 199.181.134.30/53591)
>          entering command mode
> out-of-order segment (192.168.1.9/25 -> 199.181.134.30/53591)
>           received = 68136337, expected = 68136310
> smtp_cmd: (192.168.1.9/25 <- 199.181.134.30/53591)
>          smtp_cmd: cmd = helo  entering reply mode
> out-of-order segment (192.168.1.9/25 <- 199.181.134.30/53591)
>           received = 3280724322, expected = 3280724291
>          rollback next sequence 3280724322 by 31 bytes
>          packet: <>
> out-of-order segment (192.168.1.9/25 <- 199.181.134.30/53591)
>           received = 3280724322, expected = 3280724291
> 
> 
> The Mail server software is 4D WebStar (runs on mac osx).  Does anyone  
> know of any issues with the pix code
> that may be happening here?  This is a PIX501.
> 
> 

Yeah, turn off smtp fixup.  I'm not sure that I've heard of a single
shop using it with success.

-- 
Mike Sawicki (fifi at HAX.ORG)

More information about the cisco-nsp mailing list