[c-nsp] PIX error using fixup smtp

Brian Feeny signal at shreve.net
Fri Nov 12 11:06:29 EST 2004


Why what happens?  I can tell you, without exageration, I have read,  
and understand everything that is out there
on fixup protocol 25/mailguard.

Sending a EHLO to the mailserver, thru fixup protocol 25 should not  
cause an error and the connection to be
dropped.  It should simply return "502 unimplemented (#5.5.1)".

Brian

On Nov 12, 2004, at 9:45 AM, Hudson Delbert J Contr 61 CS/SCBN wrote:

> anybody happen to READ the PIX manuals???
>
> it is explicitly explained why this happens?
>
> hate to say this but rtfm flks.
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Paul Stewart
> Sent: Wednesday, November 10, 2004 5:35 PM
> To: 'Brian Feeny'; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] PIX error using fixup smtp
>
>
> Yes... Happens to us when running mail servers behind PIX.. We end up
> turning off fixup on SMTP.. Perhaps better answer but that's what we
> always do
>
> Paul
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Brian Feeny
> Sent: Wednesday, November 10, 2004 5:32 PM
> To: 'cisco-nsp at puck.nether.net'
> Subject: [c-nsp] PIX error using fixup smtp
>
>
>
>
> I have a PIX running 6.3(3) and it has fixup smtp enabled.
>
> When a remote client tries to send an unsupported command, such as
> EHLO, i am seeing
> the mailserver drop the connection immediatly.  On the pix the
> following is logged:
>
> pixfirewall# smtp_response: (192.168.1.9/25 -> 207.254.193.98/56062)
> smtp_cmd: (192.168.1.9/25 <- 207.254.193.98/56062)
>          smtp_cmd: initial cmd = ehlo , enter reply mode
>          smtp: nullify <ehlo > command
> smtp_response: (192.168.1.9/25 -> 207.254.193.98/56062)
>          entering command mode
> out-of-order segment (192.168.1.9/25 -> 207.254.193.98/56062)
>           received = 68131394, expected = 68131367
> pixfirewall# smtp_response: (192.168.1.9/25 -> 199.181.134.30/53591)
> smtp_cmd: (192.168.1.9/25 <- 199.181.134.30/53591)
>          smtp_cmd: initial cmd = ehlo , enter reply mode
>          smtp: nullify <ehlo > command
> smtp_response: (192.168.1.9/25 -> 199.181.134.30/53591)
>          entering command mode
> out-of-order segment (192.168.1.9/25 -> 199.181.134.30/53591)
>           received = 68136337, expected = 68136310
> smtp_cmd: (192.168.1.9/25 <- 199.181.134.30/53591)
>          smtp_cmd: cmd = helo  entering reply mode
> out-of-order segment (192.168.1.9/25 <- 199.181.134.30/53591)
>           received = 3280724322, expected = 3280724291
>          rollback next sequence 3280724322 by 31 bytes
>          packet: <>
> out-of-order segment (192.168.1.9/25 <- 199.181.134.30/53591)
>           received = 3280724322, expected = 3280724291
>
>
> The Mail server software is 4D WebStar (runs on mac osx).  Does anyone
> know of any issues with the pix code
> that may be happening here?  This is a PIX501.
>
>
> Brian
>
>
>
> ----------------------------------------------------------------------- 
> -
>
> ------
> Brian Feeny, CCIE #8036, CISSP    	e: signal at shreve.net
> Network Engineer           			p: 318.213.4709
> ShreveNet Inc.             			f: 318.221.6612
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
---------------------------------------------
Brian Feeny, CCIE #8036, CISSP
Network Engineer
ShreveNet Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : https://puck.nether.net/pipermail/cisco-nsp/attachments/20041112/cb721df3/PGP.bin


More information about the cisco-nsp mailing list