[69152] in North American Network Operators' Group
Re: disabling SMTP
daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Sun Mar 28 09:09:40 2004
Date: Sun, 28 Mar 2004 19:38:57 +0530
From: Suresh Ramasubramanian <suresh@outblaze.com>
To: Rob Nelson <ronelson@vt.edu>
Cc: Richard Welty <rwelty@averillpark.net>, nanog@merit.edu
In-Reply-To: <6.0.3.0.1.20040328085914.024b4e20@pop.vt.edu>
Errors-To: owner-nanog-outgoing@merit.edu
[3/28/2004 7:29 PM] Rob Nelson :
> Could you elaborate on this? I use PIX firewalls all over the place and
> don't seem to have a problem with SMTP or ESMTP.
Check whether "smtp fixup" is enabled - and if it is, disable it using
# no fixup protocol smtp 25
Test the results (from an outside host, using netcat / telnet to port
25) to see for yourself.
Briefly, a pix doing "smtp fixup" -
* Munges the smtp banner entirely with ***** (that breaks an rfc or two)
* Disables ESMTP (so EHLO will not be accepted)
* Munges several replies returned by the mailserver, turning them to XXX
srs
--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations
