Re: [mailop] Cisco PIX Mailguard Oddity

> From: Steve Atkins > > Yes they can, but I've seen PIXes inexplicably get into a state where they > reject everything. > Just to pile on with all the other email experts, smtp_f*ckup is the worst "feature" ever implemented on a "security" device. Not only does it kill your ability to

Re: [mailop] Cisco PIX Mailguard Oddity

On 6 May 2016, at 9:05, Todd Herr wrote: On Thu, May 5, 2016 at 10:10 PM, Dave Warren wrote: Given that RFC 821 is from August of 1982, I would wholeheartedly recommend unplugging them until they catch up to at least 1984, or if that's not possible, at least disable the

Re: [mailop] Cisco PIX Mailguard Oddity

If your network people think they can do a better job than your mail people, then give them the management of your mail servers, otherwise, tell them to disable cisco fixup (or whatever it is called nowadays). On Fri, May 6, 2016 at 8:15 AM, Steve Atkins wrote: > > > On May

Re: [mailop] Cisco PIX Mailguard Oddity

> On May 6, 2016, at 6:04 AM, Todd Herr wrote: > > > On Thu, May 5, 2016 at 9:00 PM, Steve Atkins wrote: > I've seen them do that when they get out of sequence. Are you doing the > transaction above by hand (and with a real HELO and so on), or is it

Re: [mailop] Cisco PIX Mailguard Oddity

On Thu, May 5, 2016 at 9:00 PM, Steve Atkins wrote: > I've seen them do that when they get out of sequence. Are you doing the > transaction above by hand (and with a real HELO and so on), or is it from > MTA logs? ​By hand, real HELO and MAIL FROM, followed by RSET or QUIT,

Re: [mailop] Cisco PIX Mailguard Oddity

Dave Warren wrote: > > They're broken by design and not fit for purpose. Among their many flaws, they > don't even make it to RFC821 3.1, the MAIL command, which is described as the > following: > > MAIL FROM: > > Instead, when they receive a "M" in a packet alone, they

Re: [mailop] Cisco PIX Mailguard Oddity

The Cisco PIX rears its ugly head yet again. http://www.spamresource.com/2009/12/receiving-duplicate-list-messages.html Cheers, Al -- Al Iverson www.aliverson.com (312)725-0130 On Thu, May 5, 2016 at 8:00 PM, Steve Atkins wrote: > >> On May 5, 2016, at 5:08 PM, Todd Herr

Re: [mailop] Cisco PIX Mailguard Oddity

On 2016-05-05 17:08, Todd Herr wrote: Forgive me if this is off topic, but I don't know where else to turn. I've got a customer who's having trouble sending mail to two domains with nothing obvious (to me) in common save for one thing; both domain's primary MXen look to be sitting behind

Re: [mailop] Cisco PIX Mailguard Oddity

> On May 5, 2016, at 5:08 PM, Todd Herr wrote: > > Forgive me if this is off topic, but I don't know where else to turn. > > I've got a customer who's having trouble sending mail to two domains with > nothing obvious (to me) in common save for one thing; both domain's

Re: [mailop] Cisco PIX Mailguard Oddity

Common "feature". Cisco devices by default allow only SMTP, not ESMTP. These defaults keep coming back to bite admins, year after year after year. http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113423-asa-esmtp-smtp-inspection.html provides one

[mailop] Cisco PIX Mailguard Oddity

Forgive me if this is off topic, but I don't know where else to turn. I've got a customer who's having trouble sending mail to two domains with nothing obvious (to me) in common save for one thing; both domain's primary MXen look to be sitting behind Cisco PIX devices with Mailguard turned on. I