Bill is correct.  DISABLE fixup to ENABLE ESMTP and SMTP Auth.  

From the PIX manual:

"fixup protocol smtp [port[-port]]
The fixup protocol smtp command enables the Mail Guard feature. This
restricts mail servers to receiving the seven minimal commands defined in
RFC 821, section 4.5.1 (HELO, MAIL, RCPT, DATA, RSET, NOOP, and QUIT). All
other commands are rejected.

Microsoft Exchange server does not strictly comply with RFC 821 section
4.5.1, using extended SMTP commands such as EHLO. PIX Firewall will convert
any such commands into NOOP commands, which as specified by the RFC, forces
SMTP servers to fall back to using minimal SMTP commands only. This may
cause Microsoft Outlook clients and Exchange servers to function
unpredictably when their connection passes through PIX Firewall.

Use the port option to change the default port assignments from 25. Use the
-port option to apply SMTP application inspection to a range of port
numbers.

As of Version 5.1 and higher, the fixup protocol smtp command changes the
characters in the server SMTP banner to asterisks except for the "2", "0",
"0" characters. Carriage return (CR) and linefeed (LF) characters are
ignored. PIX Firewall Version 4.4 converts all characters in the SMTP banner
to asterisks."


Regards,
          
 
Dan Horne, CCNA
Systems Administrator
TAIS Web
Wilcox World Travel & Tours
[EMAIL PROTECTED]
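
The behaviour in the manual excerpt above, as an added example that is not part of the original message and is not Cisco code: a toy model of Mail Guard showing why AUTH is never offered while the fixup is enabled. The server, host names and banner are constructed, and the banner masking follows a literal reading of the quoted text.

```python
# Added illustration: a toy model of Mail Guard as the quoted manual text
# describes it. Not Cisco code; the server below is a constructed stand-in.
ALLOWED = {"HELO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}  # RFC 821 4.5.1


def mail_guard_command(line: str) -> str:
    """Pass the seven minimal commands; turn anything else into NOOP."""
    parts = line.strip().split(None, 1)
    verb = parts[0].upper() if parts else ""
    return line if verb in ALLOWED else "NOOP\r\n"


def mail_guard_banner(banner: str) -> str:
    """Mask the banner: keep '2', '0', CR and LF, star everything else."""
    return "".join(c if c in "20\r\n" else "*" for c in banner)


def toy_server(line: str) -> str:
    """Constructed ESMTP server: advertises AUTH only in reply to EHLO."""
    verb = line.split()[0].upper()
    if verb == "EHLO":
        return "250-mx.example.test\r\n250-AUTH LOGIN PLAIN\r\n250 SIZE 10240000\r\n"
    if verb == "AUTH":
        return "334 VXNlcm5hbWU6\r\n"  # base64 "Username:" prompt
    if verb == "QUIT":
        return "221 Bye\r\n"
    if verb in ALLOWED:
        return "250 OK\r\n"
    return "500 Command unrecognized\r\n"


def run_session(commands, fixup_enabled):
    """Return (banner, replies) as the client would see them."""
    banner = "220 mx.example.test ESMTP ready\r\n"  # constructed sample banner
    if fixup_enabled:
        banner = mail_guard_banner(banner)
        commands = [mail_guard_command(c) for c in commands]
    return banner, [toy_server(c) for c in commands]


def auth_offered(replies) -> bool:
    """True if any 250 reply line advertises the AUTH extension."""
    return any(l[4:].upper().startswith("AUTH")
               for r in replies for l in r.splitlines() if l.startswith("250"))


if __name__ == "__main__":
    client = ["EHLO client.example.test\r\n", "AUTH LOGIN\r\n", "QUIT\r\n"]
    for enabled in (True, False):
        banner, replies = run_session(client, enabled)
        print(enabled, repr(banner), auth_offered(replies), replies[1].strip())
```

With the fixup enabled the client sees a starred banner and a bare `250 OK` in answer to both EHLO and AUTH, which is the symptom to look for when SMTP Auth fails through the firewall.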




>>-----Original Message-----
>>From: [EMAIL PROTECTED] 
>>[mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry
>>Sent: Thursday, June 26, 2003 7:21 PM
>>To: [EMAIL PROTECTED]
>>Subject: Re: [Declude.JunkMail] AOL
>>
>>
>>I'm afraid you have got it backwards.  The fixup protocol 
>>disables ESMTP, which would include SMTP Auth, because fixup 
>>only permits SMTP attributes, but none of the extended 
>>attributes.  Disabling the fixup protocol allows for ESMTP to 
>>pass through the PIX, including SMTP Auth.
>>
>>Bill
>>----- Original Message ----- 
>>From: "Rick Davidson" <[EMAIL PROTECTED]>
>>To: <[EMAIL PROTECTED]>
>>Sent: Thursday, June 26, 2003 3:04 PM
>>Subject: Re: [Declude.JunkMail] AOL
>>
>>
>>> Correct. It will disable SMTP AUTH as well
>>>
>>> The "fixup" was added to IOS to allow ESMTP
>>>
>>> it's quite a pickle
>>>
>>> Rick Davidson
>>> Buckeye Internet Inc
>>> www.buckeyeweb.com
>>> 440-953-1900 ext: 222
>>>
>>> ----- Original Message -----
>>> From: "R. Scott Perry" <[EMAIL PROTECTED]>
>>> To: <[EMAIL PROTECTED]>
>>> Sent: Thursday, June 26, 2003 2:14 PM
>>> Subject: Re: [Declude.JunkMail] AOL
>>>
>>>
>>> >
>>> > >Disabling the SMTP Fixup Protocol at the firewall disables ESMTP and
>>> > >allows only SMTP
>>> > >
>>> > >Anyone using Imail peering will not be able to disable ESMTP
>>> >
>>> > Does that mean that Cisco firewalls can't be set up not to interfere
>>> > with SMTP transactions?
>>> >
>>> > If enabling the "fixup" protocol breaks RFC-compliance and doesn't do
>>> > all that it is supposed to, and disabling it disables SMTP AUTH, those
>>> > firewalls need to be thrown out.
>>> >
>>> > -Scott
>>> > ---
>>> > Declude JunkMail: The advanced anti-spam solution for IMail
>>> > mailservers. Declude Virus: Catches known viruses and is the leader
>>> > in mailserver vulnerability detection. Find out what you have been
>>> > missing: Ask for a free 30-day evaluation.
>>> >
>>> > ---
>>> > [This E-mail was scanned for viruses by Declude Virus
>>> > (http://www.declude.com)]
>>> >
>>> > ---
>>> > This E-mail came from the Declude.JunkMail mailing list.  To
>>> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
>>> > "unsubscribe Declude.JunkMail".  The archives can be found at
>>> > http://www.mail-archive.com.
>>> >
>>> >
>>>
>>