[c-nsp] PIX error using fixup smtp

Hudson Delbert J Contr 61 CS/SCBN Delbert.Hudson at LOSANGELES.AF.MIL
Fri Nov 12 10:58:53 EST 2004


or rtfm....

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Cisco List
Sent: Wednesday, November 10, 2004 5:13 PM
To: cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] PIX error using fixup smtp


 

Try
	no fixup protocol smtp

That should take care of the issue.  PIX SMTP fixup is poorly named
because it seems to break more than it fixes.  It is widely
considered to be junk and most folks will turn it off.  If you need
to have it working I'd suggest opening a TAC case and getting your e-mail
software vendor/manufacturer involved as well and let them sort it
out.

Good luck,
Chad

----------------------------
Chad E Skidmore
One Eighty Networks, Inc.
http://www.go180.net
509-688-8180   
 

-----Original Message-----
From: Brian Feeny [mailto:signal at shreve.net] 
Posted At: Wednesday, November 10, 2004 2:32 PM
Posted To: Cisco List
Conversation: [c-nsp] PIX error using fixup smtp
Subject: [c-nsp] PIX error using fixup smtp




I have a PIX running 6.3(3) and it has fixup smtp enabled.

When a remote client tries to send an unsupported command, such as
EHLO, I am seeing the mailserver drop the connection immediately.  On
the pix the following is logged:

pixfirewall# smtp_response: (192.168.1.9/25 -> 207.254.193.98/56062)
smtp_cmd: (192.168.1.9/25 <- 207.254.193.98/56062)
         smtp_cmd: initial cmd = ehlo , enter reply mode
         smtp: nullify <ehlo > command
smtp_response: (192.168.1.9/25 -> 207.254.193.98/56062)
         entering command mode
out-of-order segment (192.168.1.9/25 -> 207.254.193.98/56062)
          received = 68131394, expected = 68131367
pixfirewall# smtp_response: (192.168.1.9/25 -> 199.181.134.30/53591)
smtp_cmd: (192.168.1.9/25 <- 199.181.134.30/53591)
         smtp_cmd: initial cmd = ehlo , enter reply mode
         smtp: nullify <ehlo > command
smtp_response: (192.168.1.9/25 -> 199.181.134.30/53591)
         entering command mode
out-of-order segment (192.168.1.9/25 -> 199.181.134.30/53591)
          received = 68136337, expected = 68136310
smtp_cmd: (192.168.1.9/25 <- 199.181.134.30/53591)
         smtp_cmd: cmd = helo  entering reply mode
out-of-order segment (192.168.1.9/25 <- 199.181.134.30/53591)
          received = 3280724322, expected = 3280724291
         rollback next sequence 3280724322 by 31 bytes
         packet: <>
out-of-order segment (192.168.1.9/25 <- 199.181.134.30/53591)
          received = 3280724322, expected = 3280724291


The Mail server software is 4D WebStar (runs on Mac OS X).  Does
anyone know of any issues with the pix code that may be happening
here?  This is a PIX501.


Brian



----------------------------------------------------------------------
Brian Feeny, CCIE #8036, CISSP    	e: signal at shreve.net
Network Engineer           			p: 318.213.4709
ShreveNet Inc.             			f: 318.221.6612




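An added example, not part of the original thread: a Python parser for the PIX debug output quoted in the post, which groups events per flow and reports which commands the fixup nullified and how far each out-of-order segment was from the expected sequence number. The sample is copied from the quoted log with line wraps repaired; the regular expressions are assumptions inferred from those lines only, not from Cisco documentation.

```python
import re
from collections import defaultdict

# Sample copied from the debug output quoted in the post (line wraps repaired).
SAMPLE = """\
smtp_response: (192.168.1.9/25 -> 199.181.134.30/53591)
smtp_cmd: (192.168.1.9/25 <- 199.181.134.30/53591)
         smtp_cmd: initial cmd = ehlo , enter reply mode
         smtp: nullify <ehlo > command
smtp_response: (192.168.1.9/25 -> 199.181.134.30/53591)
         entering command mode
out-of-order segment (192.168.1.9/25 -> 199.181.134.30/53591)
          received = 68136337, expected = 68136310
smtp_cmd: (192.168.1.9/25 <- 199.181.134.30/53591)
         smtp_cmd: cmd = helo  entering reply mode
out-of-order segment (192.168.1.9/25 <- 199.181.134.30/53591)
          received = 3280724322, expected = 3280724291
"""

# Patterns inferred from the lines above (assumption, not a documented format).
FLOW = re.compile(r"\((\S+) (->|<-) (\S+)\)")
NULLIFY = re.compile(r"smtp: nullify <(\w+)\s*> command")
SEQ = re.compile(r"received = (\d+), expected = (\d+)")

def summarize(text):
    """Return {(server, client): {"nullified": [...], "gaps": [(dir, bytes)]}}."""
    flows = defaultdict(lambda: {"nullified": [], "gaps": []})
    key, direction, pending = None, None, False
    for line in text.splitlines():
        line = line.replace("pixfirewall#", "").strip()
        m = FLOW.search(line)
        if m:  # header line: the indented lines that follow belong to this flow
            key, direction = (m.group(1), m.group(3)), m.group(2)
            pending = line.startswith("out-of-order segment")
            continue
        if key is None:
            continue
        if (m := NULLIFY.search(line)):
            flows[key]["nullified"].append(m.group(1).upper())
        elif pending and (m := SEQ.search(line)):
            # Gap between the sequence number seen and the one the PIX expected.
            flows[key]["gaps"].append((direction, int(m.group(1)) - int(m.group(2))))
            pending = False
    return dict(flows)

if __name__ == "__main__":
    for (server, client), info in summarize(SAMPLE).items():
        print(server, client, info)
```

For this flow the client-to-server gap comes out at 31 bytes, the same figure as the "rollback next sequence ... by 31 bytes" line in the quoted log.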