[c-nsp] PIX error using fixup smtp

Brian Feeny signal at shreve.net
Fri Nov 12 18:47:08 EST 2004


Gert,

Thats like putting an ACL on your Serial interface that says "permit  
tcp only"
and then complaining that it breaks udp.

When you put "fixup protocol smtp" on the PIX, your putting a filter on  
that port,
a filter that is only going to allow SMTP commands.  Since ESMTP is not  
SMTP,
they will not be allowed.  Some people think that its job is just to  
inspect SMTP
commands, but in reality its a filter and will only allow SMTP.

Brian


On Nov 12, 2004, at 3:51 PM, Gert Doering wrote:

> Hi,
>
> On Fri, Nov 12, 2004 at 03:39:46PM -0600, Brian Feeny wrote:
>> There is a large mis/dis information campaign out there on "fixup
>> protocol" and that in itself bothers me.  It would seem
>> that alot of people out there confuse the terms SMTP and ESMTP, and
>> somehow got in there head that fixup smtp had
>> anything to do with ESMTP.
>
> Ummm, well, it has - "fixup smtp" breaks ESMTP, which I consider to be  
> a
> bad thing.   Doesn't that mean "fixup smtp has something to do with  
> ESMTP"?
>
> gert
>
> --  
> USENET is *not* the non-clickable part of WWW!
>                                                             
> //www.muc.de/~gert/
> Gert Doering - Munich, Germany                              
> gert at greenie.muc.de
> fax: +49-89-35655025                         
> gert at net.informatik.tu-muenchen.de
>
------------------------------------------------------------------------ 
------
Brian Feeny, CCIE #8036, CISSP    	e: signal at shreve.net
Network Engineer           			p: 318.213.4709
ShreveNet Inc.             			f: 318.221.6612

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : https://puck.nether.net/pipermail/cisco-nsp/attachments/20041112/4d200808/PGP.bin


More information about the cisco-nsp mailing list