Issue
The Mirapoint appliance is behind a Cisco PIX firewall and it is rejecting my mail.
When I telnet to the SMTP port on the Mirapoint mail server, I get a strange header string, for example:
220 ****************************************0**************2000*0*****2**0*00 *****
A "500 command unrecognized" error is then returned for any extended SMTP (ESMTP) command.
Why does this firewall change the string?
Solution
If your Mirapoint appliance is rejecting mail, telnet into port 25:
- If you do not see the Mirapoint header, you are not talking to the Mirapoint appliance.
- If you see the string provided above, you are talking to the PIX firewall.
Some versions of the PIX firewall do not handle ESMTP commands. The Mailguard feature of the Cisco Secure PIX Firewall intercepts all traffic on port 25 and passes only basic SMTP commands (those specified in RFC 821). It rejects the newer ESMTP commands such as EHLO and AUTH. For more information, see your Cisco documentation. To bypass this, turn off the Mailguard feature:
- Log on to the PIX firewall, either by establishing a telnet session or by using the console.
- Type "enable" and then press ENTER.
- When prompted for your password, enter your password, and then press ENTER.
- Type "configure terminal" and then press ENTER.
- Type "no fixup protocol smtp 25" and then press ENTER.
- Type "write memory" and then press ENTER.
- Restart or reload the PIX firewall.
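The port 25 check described above can also be scripted, so the same test can be repeated after the firewall reload. This is an added example, not Mirapoint or Cisco code; the function names, the 0.5 masking threshold, and the `probe.example` host name are assumptions made for the illustration.

```python
import re
import socket

MASK_RATIO = 0.5  # assumed threshold: share of '*' that marks a rewritten greeting

def classify_banner(banner):
    """Classify the greeting line sent on connect to port 25."""
    m = re.match(r"^220[ -](.*)$", banner.strip())
    if not m:
        return "not-smtp-greeting"
    text = m.group(1).replace(" ", "")
    if text and text.count("*") / len(text) >= MASK_RATIO:
        return "masked"
    return "clear"

def classify_ehlo(reply):
    """Classify the reply to EHLO by its status code."""
    code = reply.strip()[:3]
    if code == "250":
        return "esmtp-ok"
    if code[:1] == "5":
        return "esmtp-rejected"
    return "unknown"

def diagnose(banner, ehlo_reply):
    """Combine both observations into the conclusion the article draws."""
    b, e = classify_banner(banner), classify_ehlo(ehlo_reply)
    if b == "masked" and e == "esmtp-rejected":
        return "firewall SMTP fixup (Mailguard) is answering"
    if b == "clear" and e == "esmtp-ok":
        return "greeting not masked, ESMTP accepted"
    return f"inconclusive (banner={b}, ehlo={e})"

def read_reply(f):
    """Read one SMTP reply; continuation lines carry '-' after the code."""
    first = line = f.readline().decode("ascii", "replace")
    while line[3:4] == "-":
        line = f.readline().decode("ascii", "replace")
    return first

def probe(host, port=25, timeout=10):
    """Connect, record the greeting, send EHLO, and diagnose."""
    with socket.create_connection((host, port), timeout=timeout) as s, s.makefile("rb") as f:
        banner = read_reply(f)
        s.sendall(b"EHLO probe.example\r\n")  # constructed client name
        reply = read_reply(f)
        s.sendall(b"QUIT\r\n")
    return diagnose(banner, reply)
```

Call `probe()` with the address of your own mail server before and after turning off Mailguard; a clear greeting still has to be checked against the expected Mirapoint header.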