Home page logo
/

firewall-wizards logo Firewall Wizards mailing list archives

RE: Exchange Server 2000 and Cisco Pix
From: yehuda <yehuda () essutton com>
Date: Tue, 22 May 2001 13:57:33 -0400

fixup is smtp inspection. to turn it off use:
clear fixup protocol smtp 25
 or
no fixup smtp
check the documentation on the website for exact command syntax.
from cisco's website:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/config/com
mands.htm
(this is the command reference for cisco pix 5.3)
fixup protocol smtp

The fixup protocol smtp command enables the Mail Guard feature, which only
lets mail servers receive the RFC 821, section 4.5.1 commands of HELO, MAIL,
RCPT, DATA, RSET, NOOP, and QUIT. All other commands are rejected with the
"500 command unrecognized" reply code.
As of version 5.1 and later, the fixup protocol smtp command changes the
characters in the SMTP banner to asterisks except for the "2", "0", "0 "
characters. Carriage return (CR) and linefeed (LF) characters are ignored. 
In version 4.4, all characters in the SMTP banner are converted to
asterisks.

if you are using authenticated smtp to retrieve email, the pix will block
the "auth" command which is trying to authenticate.
If you are not using authenticated smtp, then the problem is in some other
part of your comfiguration.
-----Original Message-----
From: Christoph Puetz [SMTP:puetzc () yahoo com]
Sent: Monday, May 21, 2001 12:55 PM
To:   firewall-wizards () nfr com
Subject:      [fw-wiz] Exchange Server 2000 and Cisco Pix

Hello wizards,

I have a newly installed Exchange Server 2000 behind
my Pix and did receive an error from a mail client
when trying to connect to the Exchange server.
Microsoft refers to Cisco without really being
specific - at least I could not find the solution at
Cisco's web page. Anyone here knows what I have to do?

Here's MS solution (Article ID: Q295164) for the
problem:

"RESOLUTION
To resolve this issue, disable SMTP inspection on the
firewall. If you do not know the command to disable
SMTP inspection, contact Cisco." 

Is this the fixup command I have to use and disable
smtp? 

Thanks for your help in advance!

C.

__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]