Brian A. Henning wrote:

Hi Listers,
 Got the Cisco PIX firewall figured out (gracious thanks to those who
helped!), got the router/modem into bridge configuration, all is
well...except SMTP.
<snip>
SMTP from outside the LAN works....not great.  If I attempt to telnet to
port 25 from outside the LAN, I get this response:

220
*********************************************2*******2**********2******200**
***20*****0*00

..and from that point, the session is unresponsive.

Anybody know what that means, and how to fix it?


Cisco PIX boxes do SMTP "fixing" - if you connect to the PIX, it will snag the session, chat with you, validate each command you type one by one, and if it passes the validation, proxy the command through to a configured SMTP server on the back end. This is highly annoying because it's not a very good SMTP server (it doesn't support ESMTP), but it's definitely recognizable once you've seen it once or twice. Cisco refers to this as "MailGuard" and the documentation for it can be found here: http://www.cisco.com/warp/public/110/22.html

The info there should be plenty enough to get you up and going. The super-abbreviated version is something like this:

static 111.222.111.1 10.2.1.1
conduit 111.222.111.1 25 tcp 0.0.0.0 0.0.0.0

or by contrast, to disable it, you should be able to do something like this:

no fixup protocol smtp

Cisco freely admits in their docs that if you have an ESMTP server you may have to disable it for mail to work right. (Hint: virtually every SMTP server out there talks ESMTP...)


Enjoy!

Aaron S. Joyner
Not a Cisco-Guru, just someone who's fought this battle before

--
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
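
An added example, not part of the original thread or of Cisco's documentation: a small Python check that recognises the masked greeting quoted in the post and an EHLO refusal in a captured session. The greeting is the one from the post; the other transcript lines, the host names and the function names are constructed for illustration.

```python
import re

# Only the reply code, asterisks and the digits 2 and 0 survive in the
# greeting quoted in the post, so that is the pattern matched here.
MASKED = re.compile(r"^220[ -][*20\s]*$")

# Greeting exactly as quoted in the post (wrapped by the mail client).
PAGE_BANNER = ("220\n"
               "*********************************************2*******2"
               "**********2******200**\n"
               "***20*****0*00")

def banner_is_masked(banner: str) -> bool:
    """True when a 220 greeting is almost entirely asterisks."""
    text = " ".join(banner.split())  # undo line wrapping
    return bool(MASKED.match(text)) and text.count("*") >= 10

def diagnose(transcript: list[tuple[str, str]]) -> list[str]:
    """transcript holds (direction, line) pairs: 'S' = server, 'C' = client."""
    findings = []
    last_cmd = None
    for direction, line in transcript:
        if direction == "C":
            words = line.split()
            last_cmd = words[0].upper() if words else None
        elif line.startswith("220") and last_cmd is None and banner_is_masked(line):
            findings.append("greeting masked with asterisks")
        elif last_cmd == "EHLO" and line[:1] == "5":
            findings.append("EHLO refused: no ESMTP through this path")
    return findings

# Constructed session: the replies after the greeting are sample values.
SAMPLE = [
    ("S", PAGE_BANNER),
    ("C", "EHLO client.example.net"),
    ("S", "500 Command unrecognized"),
    ("C", "HELO client.example.net"),
    ("S", "250 mail.example.org"),
]

if __name__ == "__main__":
    for finding in diagnose(SAMPLE):
        print(finding)
```

Both findings together point at the SMTP fixup described in the reply rather than at the mail server behind it.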
