At 12:07 PM -0500 2/20/07, Stefan Jeglinski wrote:
Wanted to run this by everyone in case I'm missing something. I'm
tempted to ask for ideas on dirty tricks to play, but that would not
be appropriate, now would it...
Most certainly not. It is always tempting, but never a good idea...
I have a correspondent, [EMAIL PROTECTED] (please do not send
e-mail to her). She is mostly computer illiterate, but sometimes
seems to know more than her mail admins. We've noticed for some time
that only a relatively small fraction of my e-mails get to her, and
I never get bounces. Often, she tells me that their e-mail is
"messed up," and recently they did "a big upgrade" which broke
things pretty badly but now she says it mostly seems to work. Except
for me. Well, I finally did some investigating, and found out what
at least part of the problem was. At the end of this message, I
include an e-mail I telnetted directly to their primary so I knew
she would get it. She indeed did, and took it to her IT people. They
hemmed and hawed, and she said it didn't seem like they really
understood what I was saying. If that's true, they are in bad shape.
They are a 100% Microsoft shop. By dint of what they do, their
company gets e-mails from around the world, but I suspect they are
not receiving more than a few.
But I wanted to get opinions here - is there anything else I can do
probe-wise or otherwise for fun or science, e.g. probe what version of
server they are using on their primary, since they are obviously
obfuscating it? I don't really want to go to them directly now
(postmaster), since they know I will be connected to her, and
frankly, if they get their toes stepped on, I don't want her to
suffer for it.
[...]
Also, mail2.vifprogram.com is in violation of the spirit of RFC2821 for not
providing a domain name in the initial 220 response. You can obfuscate which
Microsoft mail server is in use if you like, but at least try to be
good netizens :-)
The typical cause of what you see there (all asterisks) is the use of
a misfeature of the Cisco PIX firewall called "SMTP fixup" whereby
the PIX does a line-by-line proxying of all of the SMTP commands and
responses, intentionally breaking things which are not deemed safe or
essential by the people at Cisco who clearly know absolutely nothing
about SMTP. The breakage of the banner is just the beginning and no
one should ever use that setting of the PIX. Among other absurd
nastiness, it breaks if the entire terminating '\r\n.\r\n' is broken
up between more than one TCP segment or IP datagram.
It is extremely common for organizations with amateur firewall admins
to choose the PIX and leave the SMTP 'fixup' and scratch their heads
for months about the double-digit percentages of mail they never see
before getting the message that Cisco screwed this idea up so badly
and famously that they've never even bothered a serious attempt at
fixing it.
--
Bill Cole
[EMAIL PROTECTED]
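
As an added example (not part of the original message), a small Python check for the two greeting symptoms discussed in this thread: a 220 banner replaced with asterisks, and a greeting that does not begin with a domain name. The sample banners, the function names and the 0.8 masking threshold are assumptions constructed for illustration.

```python
import re

# Constructed sample greetings; none were captured from a real host.
SAMPLES = {
    "masked": b"220 ************************************************\r\n",
    "normal": b"220 mx.example.org ESMTP ready\r\n",
    "multiline": b"220-mx.example.org ESMTP\r\n220 no unsolicited mail\r\n",
    "no_domain": b"220 ESMTP service ready\r\n",
}

LINE_RE = re.compile(r"^220([ -])(.*)$")
# A dotted hostname, or an address literal in square brackets.
DOMAIN_RE = re.compile(
    r"^(?:\[[^\]\s]+\]|(?:[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,})$"
)

def greeting_text(raw):
    """Return the text part of each line of a single- or multi-line 220 greeting."""
    lines = raw.decode("ascii", errors="replace").split("\r\n")
    if lines and lines[-1] == "":
        lines.pop()  # drop the empty piece after the final CRLF
    if not lines:
        raise ValueError("empty greeting")
    texts = []
    for i, line in enumerate(lines):
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"not a 220 greeting line: {line!r}")
        is_last = i == len(lines) - 1
        # "220-" marks a continuation line; "220 " must be the final line.
        if (m.group(1) == " ") != is_last:
            raise ValueError("bad continuation marker in greeting")
        texts.append(m.group(2))
    return texts

def analyze(raw, mask_ratio=0.8):
    """Return (masked, domain): masked is True when the banner text is mostly
    asterisks; domain is the first word if it looks like a domain, else None.
    mask_ratio is an assumed threshold chosen for this example."""
    texts = greeting_text(raw)
    visible = "".join("".join(t.split()) for t in texts)
    masked = bool(visible) and visible.count("*") / len(visible) >= mask_ratio
    first = texts[0].split()[:1]
    domain = first[0] if first and DOMAIN_RE.match(first[0]) else None
    return masked, domain

if __name__ == "__main__":
    for name, banner in SAMPLES.items():
        print(name, analyze(banner))
```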