Mail Sentinel SMTP proxy only supports a subset of SMTP commands and does not support ESMTP. This was done on purpose to limit unauthorized access to the internal mail server. The only commands that are acceptable are: HELO, MAIL FROM, RCTP, DATA, RSET, NOOP and QUIT. We've successfully been using this subset of SMTP command in our proxy since 1994.
It's not clear to me what you mean by "we host e-mail services", because this could mean many things. Perhaps you could elaborate. On Friday, January 14, 2005 at 12:52, Christopher A. Congdon wrote: >I have a question about the Mail Sentinel AV and probably about the SMTP >proxy in general. Does GTA's implantation of the SMTP proxy properly >support ESMTP commands (Especially AUTH). Most proxies I have dealt with >seem to ignore/change this command (Cisco's SMTP fixup for instance >changes AUTH into NOOP and changes the return OK into an error). > > > >The reason I ask is because we host e-mail services, but we're not an >ISP. This makes it difficult to restrict legitimate senders by IP range. >We've found ESTMP-AUTH to be the best solution (Unless somebody knows a >better one?) for us. However, due to most proxies trashing ESMTP >commands (From what I understand, Cisco's stance is that ESMTP is a >security risk), I fear to use any sort of proxy on our SMTP. I think I >can still work something out however even if ESMTP won't work through >the proxy. According to RFC2476, port 587 should be used for users >submitting mail into the network. This means I could leave a >proxy/scanner on port 25 to scan everything coming into our network from >the outside (and scan all outbound if it works that way...). This isn't >the ideal solution however since I've found that many pieces of software >that can submit e-mail but aren't really e-mail clients don't like >sending SMTP anywhere but 25. It would also prevent me from checking >'internal' users for viruses. > > > >Additionally, is the AV scanning done on both inbound and outbound >e-mail? > > > >Christopher Congdon > >Network Engineer > >Congdon Web LLC > >317-920-9601 > >------------------------------------------------------ >To unsubscribe: [EMAIL PROTECTED] >For additional commands: [EMAIL PROTECTED] >Archive: http://archives.gnatbox.com/gb-users/ > > -- Paul Emerson Global Technology Associates, Inc. Tel: +1.407.380.0220 http://www.gta.com/ Fax: +1.407.380.6080 Email: [EMAIL PROTECTED] Mob: +1.407.617.7818 AIM: pje1gta ------------------------------------------------------ To unsubscribe: [EMAIL PROTECTED] For additional commands: [EMAIL PROTECTED] Archive: http://archives.gnatbox.com/gb-users/
