[c-nsp] PIX error using fixup smtp
Brian Feeny
signal at shreve.net
Fri Nov 12 11:08:29 EST 2004
Please clarify what you're referring to. I am getting the idea, you
have a base understanding of mailguard, and somehow think
it drops tcp connections when it receives commands that are not allowed
such as EHLO.
Brian
On Nov 12, 2004, at 9:58 AM, Hudson Delbert J Contr 61 CS/SCBN wrote:
> or rtfm....
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Cisco List
> Sent: Wednesday, November 10, 2004 5:13 PM
> To: cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] PIX error using fixup smtp
>
>
>
>
> Try
> no fixup protocol smtp
>
> That should take care of the issue. PIX SMTP fixup is poorly named
> because it seems to break more than it fixes. It is widely
> considered to be junk and most folks will turn it off. If you need
> to have it working I'd suggest opening a TAC case and get your e-mail
> software vendor/manufacturer involved as well and let them sort it
> out.
>
> Good luck,
> Chad
>
> ----------------------------
> Chad E Skidmore
> One Eighty Networks, Inc.
> http://www.go180.net
> 509-688-8180
>
>
> -----Original Message-----
> From: Brian Feeny [mailto:signal at shreve.net]
> Posted At: Wednesday, November 10, 2004 2:32 PM
> Posted To: Cisco List
> Conversation: [c-nsp] PIX error using fixup smtp
> Subject: [c-nsp] PIX error using fixup smtp
>
>
>
>
> I have a PIX running 6.3(3) and it has fixup smtp enabled.
>
> When a remote client tries to send an unsupported command, such as
> EHLO, I am seeing the mailserver drop the connection immediately. On
> the PIX the following is logged:
>
> pixfirewall# smtp_response: (192.168.1.9/25 -> 207.254.193.98/56062)
> smtp_cmd: (192.168.1.9/25 <- 207.254.193.98/56062)
> smtp_cmd: initial cmd = ehlo , enter reply mode
> smtp: nullify <ehlo > command
> smtp_response: (192.168.1.9/25 -> 207.254.193.98/56062)
> entering command mode
> out-of-order segment (192.168.1.9/25 -> 207.254.193.98/56062)
> received = 68131394, expected = 68131367 pixfirewall#
> smtp_response: (192.168.1.9/25 -> 199.181.134.30/53591)
> smtp_cmd: (192.168.1.9/25 <- 199.181.134.30/53591)
> smtp_cmd: initial cmd = ehlo , enter reply mode
> smtp: nullify <ehlo > command
> smtp_response: (192.168.1.9/25 -> 199.181.134.30/53591)
> entering command mode
> out-of-order segment (192.168.1.9/25 -> 199.181.134.30/53591)
> received = 68136337, expected = 68136310
> smtp_cmd: (192.168.1.9/25 <- 199.181.134.30/53591)
> smtp_cmd: cmd = helo entering reply mode
> out-of-order segment (192.168.1.9/25 <- 199.181.134.30/53591)
> received = 3280724322, expected = 3280724291
> rollback next sequence 3280724322 by 31 bytes
> packet: <>
> out-of-order segment (192.168.1.9/25 <- 199.181.134.30/53591)
> received = 3280724322, expected = 3280724291
>
>
> The Mail server software is 4D WebStar (runs on mac osx). Does
> anyone know of any issues with the pix code that may be happening
> here? This is a PIX501.
>
>
> Brian
>
>
>
> ----------------------------------------------------------------------
> Brian Feeny, CCIE #8036, CISSP e: signal at shreve.net
> Network Engineer p: 318.213.4709
> ShreveNet Inc. f: 318.221.6612
>
>
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
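
An added example, not part of the original messages: a small Python parser for the PIX debug lines quoted in the thread. It groups them by connection and reports which commands the fixup nullified and how far each out-of-order segment's sequence number is from the expected one. The function and field names are hypothetical, and the sample lines are excerpted from the quoted log.

```python
import re
from collections import defaultdict

# Lines excerpted, in order, from the debug output quoted in the thread.
SAMPLE = """\
smtp_cmd: (192.168.1.9/25 <- 207.254.193.98/56062)
smtp_cmd: initial cmd = ehlo , enter reply mode
smtp: nullify <ehlo > command
smtp_response: (192.168.1.9/25 -> 207.254.193.98/56062)
out-of-order segment (192.168.1.9/25 -> 207.254.193.98/56062)
received = 68131394, expected = 68131367
smtp_cmd: (192.168.1.9/25 <- 199.181.134.30/53591)
smtp: nullify <ehlo > command
out-of-order segment (192.168.1.9/25 -> 199.181.134.30/53591)
received = 68136337, expected = 68136310
out-of-order segment (192.168.1.9/25 <- 199.181.134.30/53591)
received = 3280724322, expected = 3280724291
rollback next sequence 3280724322 by 31 bytes
"""

FLOW = re.compile(r"\((\S+) (->|<-) (\S+)\)")
NULLIFY = re.compile(r"nullify <(\w+)\s*> command")
SEQ = re.compile(r"received = (\d+), expected = (\d+)")
ROLLBACK = re.compile(r"rollback next sequence \d+ by (\d+) bytes")

def analyse(text):
    """Group debug lines by (server, client) and collect per-flow findings."""
    flows = defaultdict(lambda: {"nullified": [], "gaps": [], "rollbacks": []})
    current, pending = None, None  # active flow; direction awaiting a seq line
    for line in text.splitlines():
        m = FLOW.search(line)
        if m:  # any line carrying an endpoint pair selects the flow
            current = (m.group(1), m.group(3))
            pending = m.group(2) if "out-of-order" in line else None
            continue
        if current is None:
            continue
        if (m := NULLIFY.search(line)):
            flows[current]["nullified"].append(m.group(1))
        elif (m := SEQ.search(line)) and pending:
            # TCP sequence numbers are 32-bit, so take the gap modulo 2**32
            gap = (int(m.group(1)) - int(m.group(2))) % 2**32
            flows[current]["gaps"].append((pending, gap))
            pending = None
        elif (m := ROLLBACK.search(line)):
            flows[current]["rollbacks"].append(int(m.group(1)))
    return dict(flows)

if __name__ == "__main__":
    for flow, info in analyse(SAMPLE).items():
        print(flow, info)
```

On the quoted log, both server-to-client gaps are 27 bytes, and the client-to-server gap of 31 bytes equals the logged rollback.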