SMTP Fixup and SMTP AUTH 1

Status
Not open for further replies.

pixboy

MIS
Nov 21, 2001
153
US
I know there have been many posts on the Pix firewall's SMTP fixup command. However, the vast majority seem to be dealing with issues related to Exchange servers. We use Netscape Messaging Server (3.6 in production, and I'm testing 4.15).

Right now, our mail server is outside the firewall. On my testing box, which is inside the firewall, I realized that the SMTP fixup command is preventing the use of SMTP's AUTH, since it restricts the session to straight SMTP, and not ESMTP. (And, no, this isn't one of those port 113 IDENT things.)

Our mail server requires that you either pass the AUTH test or match a predefined list of IP addresses that can relay. (My testing box is the same way, even though it's implemented differently. That's because Netscape Messaging Server 4.15 can do it at the protocol level, rather than at the post-SMTP receive stage. Much nicer!)

Here's my overall question -- What is the danger in turning off the SMTP fixup in our situation? I have two mail servers (both Netscape, not including my testing box) behind our firewall already, and I don't want to open them up to potential problems. I've seen several mentions of "not-so-nice" SMTP commands that would be permitted, but I'd like to know what impact they might have. Any thoughts would be greatly appreciated.

Thanks!
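
An added example, not part of the original post: a small Python check that parses a server's reply to EHLO and reports whether ESMTP and AUTH are visible on a given path, which is the symptom described above. The sample replies are constructed, and the `500` reply for the filtered path is an assumption about how a session limited to plain SMTP looks to the client.

```python
import re

# Constructed replies to "EHLO client.example" (not captured from a real network).
DIRECT = (
    "250-mail.example.com\r\n"
    "250-PIPELINING\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250 8BITMIME\r\n"
)
# Assumption: with the session limited to plain SMTP, EHLO is rejected.
FILTERED = "500 Command unrecognized\r\n"

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_reply(raw):
    """Return (code, [text lines]) for one possibly multi-line SMTP reply."""
    code, lines = None, []
    for line in raw.splitlines():
        m = REPLY_LINE.match(line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        if code is not None and m.group(1) != code:
            raise ValueError("reply code changed mid-reply")
        code = m.group(1)
        lines.append(m.group(3))
        if m.group(2) == " ":  # a space after the code marks the final line
            break
    if code is None:
        raise ValueError("empty reply")
    return int(code), lines

def ehlo_summary(raw):
    """Report whether ESMTP was accepted and which AUTH mechanisms were offered."""
    code, lines = parse_reply(raw)
    if code != 250:
        # EHLO refused: the client must fall back to HELO, so AUTH is unavailable.
        return {"esmtp": False, "auth": []}
    mechs = []
    for ext in lines[1:]:  # the first line is the server's greeting, not an extension
        parts = ext.split()
        if parts and parts[0].upper() == "AUTH":
            mechs = [p.upper() for p in parts[1:]]
    return {"esmtp": True, "auth": mechs}

if __name__ == "__main__":
    for name, raw in (("direct", DIRECT), ("filtered", FILTERED)):
        print(name, ehlo_summary(raw))
```

Comparing the summary from a client inside the firewall with one taken next to the mail server shows whether the filtering device, rather than the server configuration, is what hides AUTH.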
 
Yizhar:

Thanks for being the voice of reason and knowledge. I was pretty sure things would be OK if I disabled the fixup.

I just have to check the other two mail servers that are already behind the Pix to make sure they're at least up-to-date. (We have another one that's already outside, and I'm pretty sure the other two are at the same patch level and all, so things should be OK.)

Thanks!
 
I'd agree with Yizhar here. In addition you can configure specific mail services on the mail server. Patch it and also look at the configuration.
 