Set up an access list with the hosts in it and port 25. Use the capture
command to set up a capture on both interfaces. See which side is sending the
reset (the real host, or the firewall).

----
Matthew Huff       | One Manhattanville Rd
OTA Management LLC | Purchase, NY 10577
http://www.ox.com  | Phone: 914-460-4039
aim: matthewbhuff  | Fax:   914-460-4139



> -----Original Message-----
> From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
> boun...@puck.nether.net] On Behalf Of Steven Pfister
> Sent: Friday, February 27, 2009 4:00 PM
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] PIX causing problems with TLS esmtp session
> 
> There is one particular outside mail server we're having trouble
> sending to. Basically, our server (Groupwise) does an EHLO, and the
> other server offers STARTTLS. Our server sends a STARTTLS, sends a few
> bytes of encrypted data, and then the other server sends a RST.
> 
> If we try a test server outside the PIX, everything is fine.
> 
> I've looked at "no fixup protocol smtp 25" and "no inspect esmtp" and
> those already seem to be in place.
> 
> Could the pix be doing something with the certificate? Could esmtp
> inspection still be on?
> 
> Thanks!
> 
> Steve Pfister
> Technical Coordinator,
> The Office of Information Technology
> Dayton Public Schools
> 115 S. Ludlow St.
> Dayton, OH 45402
> 
> Office (937) 542-3149
> Cell (937) 673-6779
> Direct Connect: 137*131747*8
> Email spfis...@dps.k12.oh.us
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
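
Added example, not part of the thread: once the captures from both interfaces are decoded, the comparison suggested in the reply (did the reset come from the real host or the firewall?) can be scripted as below. The `Pkt` record format, the function names and all addresses are constructed for illustration and are not PIX output.

```python
from collections import namedtuple

# One TCP segment as decoded from a capture (constructed format, not PIX output).
Pkt = namedtuple("Pkt", "src sport dst dport flags")

SERVER = "203.0.113.10"                             # constructed remote mail server
IN_CLIENT, OUT_CLIENT = "10.1.1.25", "192.0.2.25"   # constructed real / translated sender

def server_rsts(pkts, server, port=25):
    """RST segments whose source is the remote mail server."""
    return [p for p in pkts if "R" in p.flags and (p.src, p.sport) == (server, port)]

def rst_origin(inside, outside, server, port=25):
    """Decide who generated the reset that the inside mail server received.

    Only the remote server's address/port and the RST flag are compared,
    because the firewall may rewrite the client address (NAT) and TCP
    sequence numbers between its interfaces.
    """
    if server_rsts(outside, server, port):
        return "remote-host"        # reset really arrived from the outside
    if server_rsts(inside, server, port):
        return "firewall"           # reset exists only behind the firewall
    return "no-reset-captured"

def session(client, with_server_rst):
    """Constructed SMTP/STARTTLS flow as seen on one interface."""
    pkts = [
        Pkt(client, 40000, SERVER, 25, "S"),
        Pkt(SERVER, 25, client, 40000, "SA"),
        Pkt(client, 40000, SERVER, 25, "A"),
        Pkt(client, 40000, SERVER, 25, "PA"),   # STARTTLS, then first TLS bytes
    ]
    if with_server_rst:
        pkts.append(Pkt(SERVER, 25, client, 40000, "R"))
    return pkts

if __name__ == "__main__":
    # RST visible inside but never seen on the outside interface.
    print(rst_origin(session(IN_CLIENT, True), session(OUT_CLIENT, False), SERVER))
    # RST visible on both interfaces.
    print(rst_origin(session(IN_CLIENT, True), session(OUT_CLIENT, True), SERVER))
```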
